In 17.0% of cases since 2019, breaches were first reported by external parties.

Between 2019 and 2023, other sectors experienced large losses primarily from ransomware (53.1%), followed by data breaches (25.0%) and other causes (21.9%).

The average duration business operations were affected by ransomware in manufacturing was 62 days.

Between 2019 and 2023, healthcare experienced large losses primarily from ransomware (57.1%), followed by data breaches (28.6%) and other causes (14.3%).

Companies with revenues between $250M and $500M had an average relative frequency of large claims on primary policies of 1.19.

In 6.4% of cases since 2019, the attackers themselves disclosed the breach.

Companies with revenues between $500M and $750M had an average relative frequency of large claims on primary policies of 1.40.

For data breach cases where the attackers themselves disclosed the breach, it took an average of 17 days to notice the attacker since 2019.

Companies with revenues between $750M and $2B had an average relative frequency of large claims on primary policies of 1.80.

Businesses typically required around two full months to restore operations following a ransomware attack.

The average duration business operations were affected by ransomware in financial services was 33 days.

Privacy and cyber security coverage was triggered in 13.2% of all claims, with a higher prevalence in excess claims(22.2%) compared to primary claims (9.4%).

Data recovery was triggered as the main driver of loss in 1.3% of claims, triggered with some loss impact in 17.5%, triggered with no loss impact known in 5.0%, and not triggered in 76.2%.

In 42.9% of cases prior to 2019, breaches were first flagged by outside parties such as security firms, regulators, or customers.

Average initial ransom demand (based on all cases with ransom demand) in 2021: $17.39 million.

In 2023, victims paid on average 39.1% of the initial ransom demand.

In 49.2% of large ransomware claims, attackers gained access by exploiting system vulnerabilities.

Business interruption coverage was triggered in 17.5% of all claims, occurring more frequently in excess claims(23.3%) than in primary claims (15.1%).

In 66.0% of data breach cases since 2019, the company’s own IT team or outsourced service providers discovered the attack.

Companies with revenues above $2B had an average relative frequency of large claims on primary policies of 1.86.