Malware and ransomware accounted for 51% of all cyber insurance claims in 2024, up from 32% in 2023.

In 2023, victims paid on average 39.1% of the initial ransom demand.

Businesses typically required around two full months to restore operations following a ransomware attack.

Companies with revenues between $750M and $2B had an average relative frequency of large claims on primary policies of 1.80.

Companies with revenues above $2B had an average relative frequency of large claims on primary policies of 1.86.

Average initial ransom demand (based on all cases with ransom demand) in 2021: $17.39 million.

Between 2019 and 2023, other sectors experienced large losses primarily from ransomware (53.1%), followed by data breaches (25.0%) and other causes (21.9%).

Companies with revenues between $250M and $500M had an average relative frequency of large claims on primary policies of 1.19.

Data recovery was triggered as the main driver of loss in 1.3% of claims, triggered with some loss impact in 17.5%, triggered with no loss impact known in 5.0%, and not triggered in 76.2%.

Business interruption coverage was triggered in 17.5% of all claims, occurring more frequently in excess claims(23.3%) than in primary claims (15.1%).

Privacy and cyber security coverage was triggered in 13.2% of all claims, with a higher prevalence in excess claims(22.2%) compared to primary claims (9.4%).

In 49.2% of large ransomware claims, attackers gained access by exploiting system vulnerabilities.

The average duration business operations were affected by ransomware in financial services was 33 days.

In 42.9% of cases prior to 2019, breaches were first flagged by outside parties such as security firms, regulators, or customers.

In 66.0% of data breach cases since 2019, the company’s own IT team or outsourced service providers discovered the attack.

In 17.0% of cases since 2019, breaches were first reported by external parties.

2021: 29.7% of large losses came from other causes, 23.7% from data breaches, and 46.6% from ransomware. Ransomware overtook all other causes and drove nearly half of the biggest cyber claims.

Average initial ransom demand (based on all cases with ransom demand) in 2019: $7.77 million.

In 16% of large ransomware claims, attackers leveraged compromised or weak credentials to gain entry.

In 2019, organizations took an average of 76 days to restore operations after a ransomware attack.