Zywave Professional Front Page News
- Monday, October 21, 2024
Despite drop in claim frequency, ransomware costs soar in first-half 2024: Coalition
BEC events now account for nearly one-third of all claims
By Erin Ayers and Karla Tecson, Front Page News
Cyber claims frequency dropped slightly in the first half of 2024, but claims severity rose by 14% due to a 68% spike in ransomware costs, according to a new report from Coalition.
Ransomware claims had the highest average loss in H1 2024 at $353,000, according to the mid-year update for Coalition’s 2024 Cyber Claims Report.
“Although the frequency of using ransomware as an attack strategy actually decreased this half, we saw a marked spike in the severity and demand amounts, especially those associated with the Play and BlackSuit ransom variants,” said Rob Jones, Coalition’s head of claims, in a statement. He added that, despite the increase, Coalition’s incident response team successfully cut ransom demands in half via negotiations.
The average ransom demand dropped to $1.3 million from $1.5 million in the first half of 2023, and 40% of firms faced with a ransomware event opted to pay the demand.
Jones said, “The facts remain clear: the use and impact of ransomware remains as volatile as ever.”
Across all types of claims, the average loss amount rose 14% to $122,000. Larger businesses with more than $100 million in revenue bore the brunt of the increase in claims severity, with a 140% rise to a “historic high” of $307,000, according to the report.
Businesses with $25 million to $100 million saw an average loss of $129,000 (up 23%) and businesses with less than $25 million in revenue saw their average loss drop by 4% to $73,000.
Business email compromise (BEC) events may have a lower average cost per claim than ransomware at $26,000, but they now account for nearly one-third of all cyber claims handled by Coalition.
Larger businesses with more than $100 million in revenue saw the sharpest spike in BEC frequency at 60%. “Consumer discretionary” businesses with $100M+ in revenue saw a 250% spike in BEC events, while smaller financial services firms (those with between $25 million and $100 million in revenue) experienced a 390% jump.
Coalition suggested the use of artificial intelligence may have contributed to the rise in BEC events.
“AI has the capability to rapidly scan and analyze large datasets such as social media profiles, public documents, online activities, etc., and that can help threat actors identify targets more quickly,” warned Amy Cohagan, senior incident response analyst at Coalition, during a recent webinar. “AI also has the capability to extract details from these large datasets, and that can include information about a company’s hierarchy or personal details about employees – all of which can be leveraged to easily craft personalized phishing messages.”
Coalition found that during the first six months of the year. Despite the increase in frequency, the $26,000 average loss for BEC marks a 30% drop in severity.
The frequency and severity of funds transfer fraud (FTF) events continued to decline in the first six months of the year, down 2% and 15%, respectively. Coalition also reported clawbacks of $10.8 million from fraudulent payments in the first half of 2024, with an average of $208,000 per FTF claim.
“Even so, the average loss for these events is still over $200,000, which of course can be a big blow to a business’ balance sheet,” Jones noted during Coalition’s webinar on the report.
Non-encryption system compromise continues to be a menace
BEC, ransomware, and FTF accounted for nearly 75% of all reported claims in the first half of 2024, but Coalition emphasized the significant impacts of third-party disruption and non-encryption system compromise during the first half of the year.
Of the remaining 25% of claims, non-encryption system compromise has steadily increased over the past two years and now accounts for nearly two-thirds of the “other” category of claims.
“One of the reasons why we’re calling out this particular trend, with non-encryption system compromise is because it’s now being made up of 14% of all reported claims. The data overall show that this has been slowly trending upwards for about two years now. What’s interesting about this data is that if we view it together, we can make some inferences about what real-world changes are being made here,” Cohagan explained. “Since we’re seeing an upward trend of non-encryption system compromise, we’re seeing a slight decrease in ransomware frequency, we can infer that security controls have adapted to protect against ransomware.”
In terms of third-party disruption, Coalition highlighted the ransomware attacks on Change Healthcare and CDK Global earlier this year. The Change Healthcare event left pharmacies and healthcare firms unable to complete critical services for over a month, while CDK Global disrupted about 15,000 auto dealers.
While most of the reports stemming from these events didn’t result in an insured loss for Coalition, the insurer offered resources, workarounds, and advice from claims teams to affected clients.