The number of ransomware claims filed by U.S. clients of insurance broker Marsh spiked 77% in the first quarter of the year compared with the prior three-month period, the company told CFO Dive.
Marsh saw 55 ransomware claims from U.S. clients in the first quarter of the year versus 31 claims in the fourth quarter. The figures, which are expected to be published in an upcoming report, follow a downward trend in 2022 that had been credited with helping to moderate skyrocketing premiums in the cyber insurance market.
“I do think that we can still continue to see a deceleration of rate increases for those companies that have an optimal cyber risk maturity profile and have not suffered significant events that have caused the carriers to make claim payments,” Meredith Schnur, Marsh’s U.S. and Canada cyber brokerage leader, said in an interview.
Resilience, a San Francisco-based cyber insurance provider, has seen a similar uptick in ransomware claims, according to Amanda Bevilacqua, the company’s director of security engagement and claims.
One possible explanation for the resurgence is that ransomware purveyors based in Russia are now recalibrating after being temporarily preoccupied with the country’s war against Ukraine, which has involved the use of cyber attacks, Bevilacqua told CFO Dive.
“Money speaks louder than politics,” she said. “The theory is that those operators have run out of money, and they’re back now looking to fund their operations.”
With ransomware attacks, criminals use malicious software to prevent companies from accessing their own computer files, systems or networks, and they demand the payment of a ransom to have such access restored. Such attacks can also involve a threat to leak sensitive data to the public internet.
The first three months of 2023 saw a resurgence of ransomware activity, as major groups associated with it, including LockBit and Clop, executed mass attacks and new players joined the field, according to a recent report from Black Kite, a Boston-headquartered cybersecurity firm. The number of victims publicized by ransomware gangs increased from 163 in January to 410 in March, the report said.
“While there were some signs of ransomware decreasing last year due to increased pressure from law enforcement and several ransomware groups shutting down, the last few months serve as a stark reminder that we are far from being in the clear,” Black Kite Chief Security Officer Bob Maley said in a press release. “As more ransomware groups exploit vulnerabilities in third-party vendors, businesses will be blindsided unless they continuously monitor their extended ecosystem for susceptibility indicators and the earliest warning signs of risk.”
Companies that have publicly disclosed ransomware attacks during the first few months of 2023 include KFC and Taco Bell parent company Yum Brands, satellite cable provider Dish Network, hamburger chain Five Guys and produce giant Dole Foods.
The prevalence and severity of the ransomware problem have helped to make cybersecurity much more of a C-suite level issue within organizations in recent years, John Pearce, a cyber risk advisory services principal at Grant Thornton, a Chicago-based accounting firm, previously told CFO Dive.
Governments are paying close attention too. As part of a project known as the International Counter Ransomware Initiative, the U.S. and other nations have discussed the idea of banning ransomware payments, Industry Dive sister publication CIO Dive reported on Monday.
In March, the White House released a report that identified ransomware as a national security threat.
According to Black Kite’s report, ransomware attacks experienced a period of “relative stagnation” throughout 2022 as international sanctions stemming from Russia’s invasion of Ukraine hindered the movement of ransom-related funds. In addition, increased pressure from law enforcement and successful joint operations against ransomware groups in 2021 and 2022 led to heightened caution among cyber criminals, the report said.
Last year also saw a deceleration of rising cyber insurance premiums, as fewer ransomware claims were filed. According to a Marsh report last month, premiums continued to moderate during the first quarter of 2023, with prices rising by 11% on average, compared with 28% during the fourth quarter.
Schnur said companies hoping for further stabilization of the cyber insurance market have reasons to remain optimistic, despite the recent resurgence of ransomware claims. She cited healthy competition in the sector resulting from new entrants as one example.
“I still think we’ll continue to see what I’ll call a stabilizing market,” she said.