Report: Cybercrime ‘A Thriving Business’ as US Claims Frequency Rises
Cyber claims frequency in the United States rose 13% last year, a new report shows.
According to the 2024 Cyber Claims Report published by Coalition, an insurer focused on digital risks, cybercrime is “a thriving business that adversely impacts” the economy. In 2023, there were more than 880,000 complaints sent to the FBI with reported losses totaling $12.5 billion.
Although overall claims severity decreased in the latter half of the year, it did not offset a first half spike driven by increased ransomware claims.
Frequency/Severity
Last year, claims frequency remained below the historic high of 2021, yet overall claims frequency increased by 13% year-over-year in 2023. The overall claims severity rose 10% year-over-year, with an average loss of $100,000 due to the surge of ransomware claims in the first half of the year, according to the report.
More than half (52%) of all reported cyber matters were handled without any out-of-pocket payments by the policyholder.
Coalition representatives Rob Jones, head of claims, Shelley Ma, incident response lead, and Mike Volk, senior product marketing manager, hosted a webinar after the release of the report to break down trends and cyber claims.
“Severity stabilized in the latter half of the year after a volatile start,” Jones said. “After spiking to an average loss amount of more than $236,000 in the first half 2023, businesses with more than $100 million of revenue saw severity cut in half, but still a 21% increase year-over-year.”
Claims frequency rose across businesses of all revenue amounts. Businesses with between $25 million and $100 million in revenue saw a 32% increase. Frequency for businesses with more than $100 million rose 14%, while businesses with less than $25 million in revenue experienced an 8% increase, the report shows.
The report shows ransomware accounted for 19% of reported claims, making it historically the largest source of claims severity. “The ransomware variants that drove losses shifted,” Coalition said in the report. “LockBit ransomware had two variants that appeared in the second half of the year.
Among Coalition policyholders, LockBit 3.0 accounted for 12.9% of all ransomware claims and LockBit 2.0 accounted for 2.09% of claims. Notably, the LockBit ransomware gang was briefly taken offline by law enforcement in early 2024 before reappearing three days later.
Coalition said funds transfer fraud (FTF) frequency rose 2%, while FTF initial severity increased 24% year-over-year to an average loss of more than $278,000.
Claim frequency for “other events” (such as errors, legal, privacy, media, third-party compromise), increased by 21% year-over-year, while severity for “other events” increased by 28% to an average loss of more than $53,000, the report shows.
While claims related to business email compromise (BEC) fell 8%, cybersecurity trends point to threat actors using generative artificial intelligence (AI) tools to launch more sophisticated attacks.
“Phishing emails are becoming more credible and harder to detect, and threat actors are believed to be using AI to parse information faster, communicate more efficiently, and generate campaigns targeted toward specific companies – all of which may contribute to increases in FTF claims,” the report states.
Proactive Steps
The report called out the advantages of proactive steps, and best practices. For example, businesses that use a boundary device to protect their network – if their best practices include updating firmware and monitoring all endpoints – are able react quickly if the boundary device has been compromised.
These technologies are critical to business operations. However, these devices are also often prime targets for threat actors.
“These tools are considered indispensable for managing cyber threats, and yet at the same time our research has found a concerning trend that certain boundary devices with known vulnerabilities could actually increase the likelihood of a cyber claim,” Ma said. “The findings of our claims report were eye-opening, especially regarding the increased risk that’s faced by organizations using boundary devices such as firewalls and VPNs.”
The report showed relative claims frequency for Coalition policyholders using Cisco Adaptive Security Appliance (ASA) devices, which both enable remote access and protect networks with firewall, antivirus, intrusion prevention, and VPN capabilities, surged in 2023.
Businesses with internet-exposed Cisco ASA devices were nearly five times more likely to experience a claim in 2023, up from being roughly two-and-a-half times more likely to experience a claim in the previous two years.
“Several critical vulnerabilities impacting Cisco ASA devices were discovered in 2023, likely contributing to the increased relative frequency,” Coalition said in the report.
“Security researchers discovered that the ransomware gang Akira was actively exploiting a Cisco ASA vulnerability from 2020, which posed a significant risk for businesses that has continued into 2024.”
Fortinet’s variety of boundary devices are often exploited by threat actors because of the level of privileged access that can be gained by compromising them. Businesses with internet-exposed Fortinet devices were twice as likely to experience a claim in 2023, according to the report.
“Policyholders using internet-exposed Remote Desktop Protocol (RDP) were two-and-a-half times as likely to experience a claim in 2023,” Ma said.