Cyber insurance claims in North America reached record levels in 2023, according to a report by insurance broker Marsh. Specifically, Marsh received more than 1,800cyber claim reports from clients across the United States and Canada, the highest of any year. Increased cyber attackAccording to a report by insurance broker Marsh, cyberinsurance claims in North America reached record levels in 2023 sophistication, heightened supply-chain vulnerabilities‚-as demonstrated by the significant MOVEit breach in2023‚-and increased privacy claims are thought to be behind the record-high claims figure.
Marsh'sdata highlights the need for robust cyber defences for North American companies. "Organizations' cyber resilience strategy should incorporate a view of cyber risk across the enterprise, including its potential economic and operational impact and taking account of cybersecurity at vendors and other third parties," Marsh said in its report.
ReportFindings
One in 5 (21%) clients reported at least one cyber event in 2023, according to Marsh's report, up from 18% in 2022. Although a marginal increase, the percentage of clients reporting cyber events has remained relatively stable over the past five years.
However, one type of cyber event, cyber extortion, increased significantly in 2023. Specifically, 282 Marsh clients reported at least one cyber extortion event, including ransomware, in 2023, up from 172 in 2022. Furthermore, median extortion payments rose from $335,000 to $6.5 million between 2022 and 2023. The emergence of a new ransomware-as-a-service cybercrime model and an increase in bad actors could according to Marsh's report, one in 5 (21%) clients reported at least one cyber event in 2023 to be behind the inflated cyber extortion data.
Although ransomware and other cyber extortion events remain a pressing threat, it's worth noting that the number of ransomware events in 2023 was less than 20% of all claims reported. According to Marsh, "This means that privacy claims and system attacks leading to unauthorized access and potentially exposed data without an extortion component comprise a much larger share of cyber events reported."
Regardless, organizations must implement robust cybersecurity measures to reduce the risks of all cyber threat types. This may be even more important in health care, communications, retail/wholesale, financial institutions and education, which were the top five affected sectors in the report.
Next Steps
It's more important than ever for organizations to review their cyber hygiene measures amid frequent cyber events. Additionally, organizations should implement a robust cyber incident response plan that can act as a blueprint for an efficient response in case of a breach.
Contact KRGinsure today for additional cybersecurity resources and comprehensive insurance solutions.