Ransomware is a dynamically evolving risk, impacting organizations around the world with rapidly increasing loss frequency and severity.
By 2025, global cybercrime costs to reach $10.5 trillion.
Global ransomware damage costs predicted to reach $20bn in 2021, up from $325m in 2015.
Every 11 seconds, a ransomware attack on businesses predicted, by 2021.
Source: Cybersecurity Ventures
Sophisticated cyber resilience is imperative, and companies need to continuously adapt in this changed threat environment.
Network outages and business interruption are lasting longer. AIG observed a typical outage length of 7-10 days from global ransom and extortion claims.
The demand and cost for forensics, recovery, legal counsel and other response services is at an all-time high given the volume of attacks.
Source: AIG cyber claims analysis, Q3 2020
AIG has seen an increase of more than 150% in frequency of ransom and extortion claims notifications since 2018.
All sizes of company are impacted by ransomware, across all types of industries.
Ransom and extortion claims accounted for 1 in every 5 cyber claims in 2020, up from 1 in every 10 cyber claims in 2018.
Demand values can be in the tens of millions of dollars with payments varying depending on the characteristics of the attack.
When data was exfiltrated prior to encryption, ransom and extortion claims costs were 2x higher.
Losses may impact multiple coverage sections: extortion, event management, network interruption, security & privacy.
Use strong authentication controls for all administrative access where possible, and deploy compensating controls where it’s not
Deploy modern endpoint controls and timely remediate vulnerabilities
Enable appropriate active directory controls and understand / verify your attack surface
We encourage you to visit http://www.cisa.gov/ransomware for additional actions and resources available to your organization to address ransomware*
Contact your local AIG cyber team member to learn how.
* Additional actions and resources available to your organization to address ransomware in other regions: