
The 2024 Cyber Claims Report: Mid-Year Update reveals important shifts in the landscape of cyber insurance claims during the first half of 2024. The report highlights a 14% increase in overall claims severity, largely driven by a sharp rise in ransomware attacks. Despite the number of attacks declining slightly, ransomware’s financial impact grew significantly, with average losses hitting $353,000 per event. This increase reflects the sophisticated tactics of cybercriminals who, despite facing successful negotiations that reduced ransom demands by 50%, continue to target larger businesses for bigger payoffs. Ransomware frequency decreased by 10%, but its severity and financial consequences surged, indicating that the attacks that do occur are becoming more costly.
Business email compromise (BEC) was another notable cyber threat in the first half of 2024. BEC frequency rose 4%, driven in part by the integration of artificial intelligence (AI) into cybercriminal tactics. AI allowed attackers to scale phishing campaigns more easily and create harder-to-detect attacks, leading to increased losses. While BEC accounted for nearly one-third of all claims, the average severity of these claims decreased by 30%, with businesses under $100 million in revenue contributing to the decline.
Third-party cyber disruptions emerged as a major concern in 2024, affecting industries ranging from healthcare to automotive. High-profile ransomware attacks on companies like Change Healthcare and CDK Global had ripple effects, causing widespread disruptions across sectors. The Change Healthcare attack, for instance, impacted 90% of U.S. pharmacies, crippling healthcare services and costing the company an estimated $1.6 billion in losses. Similarly, CDK Global’s attack affected over 15,000 auto dealerships, with total losses exceeding $1 billion.
Despite these trends, funds transfer fraud (FTF) continued its steady decline, with FTF frequency dropping by 2% and average losses down to $218,000. Coalition’s quick response and successful efforts to claw back stolen funds helped mitigate the damage. Additionally, the report emphasizes the growing threat of non-encryption system compromises, which accounted for a significant portion of reported incidents, reflecting ongoing weaknesses in basic security controls across many businesses.
The report underscores the increasing importance of proactive risk management and the critical role cyber insurance plays in helping businesses navigate an evolving threat landscape.