Targeted ransomware attacks on two Las Vegas casino operators generated compelling headlines last month and signaled that the recent acceleration in cyberattacks appears to be here to stay — at least for now. The incidents are a reminder that not even an “Ocean’s Eleven” level of casino security is enough to stop businesses from being penetrated in today’s interconnected world. 

Cyber risks continue to be ranked as a “top risk” by various industry barometers. For example, cyber threats remained a top three concern for the ninth consecutive year among small, medium-sized and large businesses, according to a recent national survey conducted by Travelers Cos. Inc. But despite confidence that they’ve implemented best cyber practices, at least 25% of businesses have not taken essential steps such as installing a firewall or virus protection and implementing data backup and password updates, the survey found. A much larger percentage don’t use endpoint — that is, determining the devices being used — detection and response (64%), or use multifactor authentication for remote access (44%). 

Businesses are seeing both the frequency and severity of cyber claims increase, and ransomware is largely responsible. Ransomware activity has been escalating since the start of 2023 after an 18-month lull, according to Coalition Inc., a San Francisco-based managing general agent. In a mid-year cyber claims update, Coalition said ransomware was the largest driver of an increase in claims frequency, which was up 12% overall in the first half of the year compared with the preceding six months. Large businesses with more than $100 million in revenue were hit the hardest, as they experienced a 20% increase in claims frequency and 72% jump in claims severity to $236,779.

The resurgence isn’t so surprising given that cybercriminals are financially motivated and ransomware attacks can be so lucrative. Those companies hit by ransomware attacks reported an average loss of more than $365,000 in the first half of the year, up from the previous high of more than $227,000, Coalition reported. The average ransom demand was $1.62 million, a 47% increase over the previous six months. When deemed reasonable and necessary, some 36% of Coalition policyholders opted to pay a ransom, and among claims that resulted in payment, the MGA said it negotiated the amount down to an average of 44% of the initial demand.

This snapshot of ransomware claims backs broker commentaries pointing to the broader rebound in ransomware claims payments. As we report here, ransomware is still a major peril for insurers and policyholders and how that will affect the price and availability of cyber coverage remains unclear. 

After ransomware activity increased from 2019, cyber insurers responded by hiking rates and insisting on cybersecurity improvements. As rate adequacy and cyber controls took effect, market confidence returned and brought fresh capacity. This has led to ample capacity being available, and greater competition, and as we report on page 29, reinsurers and brokers are hopeful that the development of cyber risk models will lead to more traditional and capital markets-based capacity entering the cyber market. This time last year, policyholders were seeing cyber rate increases of more than 50%. Now, the average increase is 3.6%. But with claims increasing and many businesses apparently still not deploying the cybersecurity controls needed to thwart attacks, all bets are off as to how long these favorable buying trends can continue. Meanwhile, companies that do employ sound cyber risk management will expect differentiated treatment from underwriters.