Ransomware is a dynamically evolving risk, impacting organizations around the world with rapidly increasing loss frequency and severity.
Ransomware
AIG's insights are intended to focus conversations around loss preparation and risk management, and help guide well-informed cybersecurity investments.
Cybercrime, and specifically ransomware, is growing exponentially.
By 2025, global cybercrime costs to reach $10.5 trillion.
Global ransomware damage costs predicted to reach $20bn in 2021, up from $325m in 2015.
Every 11 seconds, a ransomware attack on businesses predicted, by 2021.
Ransomware is rapidly evolving, fueled by the rise of:
Ransomware as a Service (RaaS)
Sophisticated cyber resilience is imperative, and companies need to continuously adapt in this changed threat environment.
Data exfiltration prior to encryption
Network outages and business interruption are lasting longer. AIG observed a typical outage length of 7-10 days from global ransom and extortion claims.
Deeper, more invasive attacks
The demand and cost for forensics, recovery, legal counsel and other response services is at an all-time high given the volume of attacks.
Source: AIG cyber claims analysis, Q3 2020
Ransomware claims have increased significantly in frequency and severity in recent years and continue to evolve.
AIG has seen an increase of more than 150% in frequency of ransom and extortion claims notifications since 2018.
All sizes of company are impacted by ransomware, across all types of industries.
Ransom and extortion claims accounted for 1 in every 5 cyber claims in 2020, up from 1 in every 10 cyber claims in 2018.
Demand values can be in the tens of millions of dollars with payments varying depending on the characteristics of the attack.
When data was exfiltrated prior to encryption, ransom and extortion claims costs were 2x higher.