Estimated reading time: 4 minutes
Cyberattacks are costing businesses millions – 88% of global cyber losses now tied to claims above $1 million, according to AXA XL. Analysis of more than 300 incidents reveals a stark reality: ransomware alone drives over 60% of recent large claims, with ransom demands spiking to an average of $32 million in 2023. The report, Cyber Claims Unveiled: A Focused Study on Trends, Threats, and Tailored Solutions, paints a picture of rising severity, growing business interruption, and industry-specific vulnerabilities shaping the cyber insurance market.
Large Losses Shape the Cyber Landscape
AXA XL’s research reveals that the most significant cyber incidents continue to escalate in severity. The report notes that ransomware claims are showing a clear upward trend, while non-ransomware data breach claims are decreasing in severity.
“These findings highlight a vital truth in the cyber risk landscape: a limited number of high-value claims account for the bulk of total losses,” said Fran Gari, Head of Pricing, Global Cyber at AXA XL.
Ransomware Emerges as the Leading Threat
Since 2018, ransomware has become the dominant driver of large claims. In 2023, ransomware accounted for 62.8% of AXA XL’s large loss claims.
And that looks to remain the case. The report shows ransom demands rising steeply. The average demand jumped to $32 million in 2023. At the same time, negotiation tactics are evolving, with specialized negotiators increasingly influencing outcomes.
Attackers often exploit system vulnerabilities and weak credentials, using admin access to move laterally and maximize damage. Many also exfiltrate sensitive data before encrypting systems, creating dual pressure points during negotiations.
According to AXA XL, ransomware attacks often trigger multiple insurance agreements, including extortion, data recovery, and business interruption coverage.
Business Interruption Creates Lingering Impact
The study found that 92% of ransomware incidents led to business interruptions. Companies typically require about two months to restore operations.
Manufacturing organizations were hit hardest, with longer recovery times compared to retail. Even shorter disruptions proved costly for retailers due to high daily transaction volumes.
AXA XL noted some encouraging progress: businesses are now restoring systems faster, and fewer claims involve compromised backups.
Improved Breach Detection Boosts Resilience
The analysis highlights improvements in breach detection. Before 2019, only 35.7% of breaches were detected internally. Since then, insureds identified 66% of incidents themselves, signaling improved monitoring and security practices.
“Shorter shutdown durations and an increasing number of companies successfully detecting breaches independently show that organizations are becoming more resilient,” said Danielle Roth, Head of Cyber Claims for AXA XL in the Americas.
Industry and Company Size Matter
The study shows industry and size play decisive roles in cyber risk exposure.
- Healthcare and financial services face the highest frequency of large claims, driven by sensitive data, regulation, and high stakes.
- Manufacturing and retail sectors face higher risks of business interruption from ransomware.
- Larger firms see more frequent claims due to broader attack surfaces. At the same time, SMEs suffer heavier impacts relative to their size when incidents occur.
Get The Cyber Insurance Upload Delivered
Every Sunday
Subscribe to our newsletter!
This data underscores the importance of tailored insurance policies that reflect industry-specific vulnerabilities. For example, healthcare claims often involve regulatory fines alongside breach costs. At the same time, manufacturing faces supply chain disruptions and longer downtime.
Expert Views on Future Preparedness
“The data tells us a story,” said Andrew Farr, Global Chief Underwriting Officer for Financial Lines at AXA XL. “By understanding the narratives of our most prominent cyber claims, AXA XL can leverage our own experiences to improve underwriting practices, develop new products, adjust risk pricing strategies, and enhance our risk management solutions.”
The report concludes that effective cyber defense requires tailored insurance policies, sector-specific strategies, and proactive risk management.
Related Posts
