Ransomware on the Rise, Changes in Cyber Market on the Horizon

By Robert H. Rosenzweig

Ransomware on the Rise, Changes in Cyber Market on the Horizon

For the last couple of years, ransomware attacks — in which cyber criminals gain access to a computer system, encrypt the data and demand a ransom to restore it — have been on the rise, with a significant acceleration of incidents in the last few months. In fact, a recent Malwarebytes Labs report found a 195% increase in business detections of ransomware from the Q4 of 2018 to Q1 of 2019 (and a 500% uptick from the same time last year).

As we noted in a recent article in SC Magazine, a new trend in ransomware has emerged in light of the spike in attacks: more and more victims are paying the ransom. This is primarily because the ransomware targets back-up systems as well as production environments, leaving no good options to effectively eliminate risks. Based on the sophistication of the new ransomware, most businesses now are forced to pay the ransom. In instances where they choose not to pay, or in which they can’t recover their data, they are looking at seven-figure business interruption losses.

And all this is impacting the insurance marketplace. For the first time ever, the growth of ransomware insurance claims is outpacing the growth of new customers of cyber insurance. This a sign that change could be on the horizon.

The Evolution of Ransomware

Cyber security breaches over the last five years have primarily involved hackers accessing systems and stealing personal data that they could sell on the Dark Web. We saw massive breaches on B2C companies, like the attack on Yahoo! in 2013 that exposed the personal data of 3 billion users, the 2017 Equifax breach that jeopardized the personal data of 143 million customers and the 2018 Marriott breach that affected 500 million customers.

But today, with the black market for personal data softening, bad actors are turning to ransoms to monetize their hacks. Extortion is a lot quicker and more lucrative than selling stolen data.

At some level, all organizations are dependent on data to service their customers or constituents. No longer are hackers only targeting B2C companies. Any industry and any sized company or enterprise is vulnerable. Government entities are being targeted more and more. For example, the governor of Louisiana recently declared a state of emergency after three school districts were frozen out of their data by ransomware attacks.

Costlier Attacks, More Claims

Ransomware attacks are getting costlier. The average claim costs are increasing by at least 2x in most cases from just a year ago.

Historically, cyber insurance buyers have benefited from depressed market pricing. Coverage has been inexpensive and written broadly. But, as the frequency and cost of claims continue to go up, that might be unsustainable as insurers adjusts.

What does the future of cyber insurance hold? Newer insurance companies in this space that don’t have the premium volume to support the rising claims costs might retrench a little. Carriers that stay in the space might start to normalize pricing.

Given how costly it is to pay the ransoms and respond to these attacks, and how frequently they now happen, if things continue to trend in this direction, we’re sure to see some changes in limits and pricing of cyber insurance.


Find me on LinkedIn, here.

Connect with the Risk Strategies Cyber Risk team at

Email me directly at