The Ratio of Cyber Ransoms Demanded to Ransoms Paid Is Declining: Corvus Report

October 21, 2021

There are some early signs of improvement in ransomware costs due in part to policyholder actions that helped reduce cybersecurity risks, according to a new report from Corvus Insurance.

The InsurTech startup’s inaugural Corvus Risk Insights Index found that the ratio of ransoms demanded to ransoms paid is declining steadily. Ransomware claims resulting in a ransomware payment shrank from 44 percent in Q3 2020 to 12 percent in Q3 2021, Corvus found. Another factor that helped was the shutdown of DarkSide and REvil, two prolific ransomware groups, during the 2021 second quarter.

But Corvus said that the dip in the demand-to-pay ratio came largely from better policyholder preparedness and resiliency. Having system backups helped breach response professionals handle any resulting ransomware situations more efficiently and get companies back online faster.

“The data revealing that the declining ratio of ransoms demanded versus ransoms paid can be attributed to the fact that backup processes among policyholders have significantly improved. Although policyholders are still experiencing ransomware attacks, they are taking a more proactive approach to mitigate their exposure,” Lori Bailey, Corvus’s Chief Insurance Officer, told Carrier Management in an email statement. “This is promoting better resiliency towards ransomware attacks, as well as increasing policyholder / carrier engagement. From a wider cyber insurance view, it also indicates a general trend towards integrating cyber resiliency as part of the risk management process, which should further reduce loss costs in the future.”

At the same time, Corvus said, ransomware attacks remain costly. The average cost in 2021 remains at $142,000, about the same as in 2020. Corvus said there was a spike in the average cost of a ransomware attack in the third quarter, but there were fewer overall attacks, and fewer attacks where any ransom was paid.

Looked at another way, Corvus found that ransomware claims rose from the 2020 second quarter through the 2021 first quarter, but dropped by 50 percent in Q2 2021, and that drop continued in the third quarter. While breach response costs (forensics and recovery efforts) grew from 29 percent to 52 percent of overall claim costs, business interruption costs shrank because of expanded preparedness and resiliency.

“We hope this report will spark new cybersecurity innovation and spread awareness on how lower-effort, high-impact measures can make a significant difference in any organization’s risk,” Madhu Tadikonda, President of Corvus Insurance, said in prepared remarks.

The Corvus report focuses specifically on Cyber and Technology E&O (Errors and Omissions) risk and is broken down into four sections: litigation risk, cyber risk technologies, ransomware, and cyber vulnerability. All sections include contextual background on how foundational security methods can impact cybersecurity posture across organizations, pointing to how key indicators have fluctuated throughout the past few years.

According to Corvus, its study is a compilation of industry trends and data analysis based on its proprietary IT security scanning technology, the Corvus Scan, as well as other first- and third-party data sources.

Source: Corvus Insurance