In 24.6% of large ransomware claims, attackers used phishing to infiltrate systems.

In 2022, victims paid on average 42.0% of the initial ransom demand.

The average duration business operations were affected by ransomware in retail was 32 days.

Extortion was triggered as the main driver of loss in 11.9% of claims (primary 15.6%, excess 3.3%), triggered with some loss impact in 11.6%, triggered with no loss impact known in 9.6%, and not triggered in 66.9%.

2020: 27.3% of large losses came from other causes, 29.2% from data breaches, and 43.4% from ransomware. Ransomware remained a dominant source of costly claims.

2019: 28.1% of large losses came from other causes, 29.2% from data breaches, and 45.1% from ransomware. Ransomware surged and became the leading cause of major cyber claims for the first time.

Ransomware incidents often lead to significant business interruptions, with some level of systems shutdowns occurring in approximately 92% of these cases.

For data breach cases where the attackers themselves disclosed the breach, it took an average of 38 days to notice the attacker prior to 2019.

Between 2019 and 2023, professional services experienced large losses primarily from ransomware (75.0%), followed by data breaches (14.3%) and other causes (10.7%).

Companies with revenues up to $250M had an average relative frequency of large claims on primary policies of 0.45.

Average initial ransom demand (based on all cases with ransom demand) in 2022: $21.46 million.

2010–2017: 62.3% of large cyber losses came from other causes, 37.7% came from data breaches, and ransomware caused 0.0% of major losses. At this stage, ransomware claims were rare, and most large claims stemmed from breaches and miscellaneous incidents.

The average duration business operations were affected by ransomware in technology was 57 days.

In 35.7% of data breach cases prior to 2019, the company’s own IT team or outsourced service providers detected the attack.

The average duration business operations were affected by ransomware in other industries was 44 days.

For data breach cases where the attacker was detected by a third-party, it took an average of 136 days to notice the attacker prior 2019.

Between 2019 and 2023, financial services experienced large losses primarily from data breaches (40.9%) and ransomware (40.9%), followed by other causes (18.2%).

Between 2019 and 2023, manufacturing experienced large losses primarily from ransomware (86.7%), followed by other causes (10.0%) and data breaches (3.3%).

Between 2019 and 2023, technology experienced large losses primarily from other causes (38.0%), followed by ransomware (32.0%) and data breaches (30.0%).

Business interruption was triggered as the main driver of loss in 17.5% of claims (primary 15.1%, excess 23.3%), triggered with some loss impact in 12.6%, triggered with no loss impact known in 7.3%, and not triggered in 62.6%.