Ransomware Damage Claims Driving Insurance Hikes

July 4, 2023

Ransomware damage claims driving insurance hikes in unprecedented numbers, forcing insurers to raise rates and tighten requirements and terms. It’s a phenomenon that’s revolutionizing the cyber insurance market.

Insurers are concerned that nonstate actors could expand the legal gray area around what is and isn’t covered by policies, which could increase risks to policyholders.

Increased Loss Ratios

Ransomware damage claims driving insurance hikes. It has transformed the insurance landscape. It’s leading insurers to question if they can contain it on their own and how best to address any damage it causes in the short-term.

Ransomware can be particularly problematic because it encrypts user files, which can only be decrypted by paying a ransom to the attacker. Furthermore, this malicious software often takes backups of victims’ systems, making restoring data after an attack even more challenging.

Security experts warn victims against paying ransoms as it often offers them an incentive. By paying the ransom, victims are hindering their own attempts at file restoration since ransomware encryption is built-in to the malicious code and can only be decrypted with knowledge of the attacker’s encrypted key.

To combat this problem, many insurance companies have implemented ransomware sublimits for first and third-party losses due to extortion. These endorsements help insureds regain lost revenue without jeopardizing other coverages such as network security, information privacy or system disruption.

Cyber insurance companies have also implemented policy language that encourages companies to adopt best practices for data security. These include enhanced risk assessment processes and new cyber maturity rating schemes which assess a company’s cybersecurity controls.

Insurers have also raised retentions, deductibles and co-insurance rates to offset the costs of cyber insurance claims. These changes are motivated by a desire to reduce ransomware attacks and are intended to motivate organizations to implement essential cybersecurity measures.

These actions are part of a growing trend among cyber insurance providers that aims to mitigate financial damages caused by ransomware attacks and ensure they can quickly retrieve their assets. Insurers are also striving to enhance their models for cyber risk prediction in order to better estimate future losses and customize pricing for clients.

Insurers’ success depends on their ability to adapt and enhance their strategies, such as improving risk assessments, strengthening policy terms and expanding offerings. To do so requires integration of new technologies, more sophisticated underwriting models and new methods for encouraging organizations to adopt cyber best practices.

Increased Policy Expenses

Ransomware damage claims driving insurance hikes. It has become an increasingly lucrative target for cybercriminals, leading some insurers to start taking a hard line on ransomware damage claims. AXA, one of Europe’s largest insurers, announced in April that they would no longer pay out ransoms under their cyber insurance policies. This decision came after cybersecurity leaders within France’s government and Senators expressed concerns about massive payouts being made to cybercriminals.

Insurers are responding to the rise of these new types of attacks by raising cyber premiums and tightening eligibility criteria. Furthermore, they require stronger data backups as well as more stringent security protocols.

Due to the rise in cyberattacks, companies must now be prepared for any incident. While data backups and strong security protocols are necessary, it should be remembered that these measures are not always successful.

Additionally, many companies still need to pay ransoms in order to regain access to their data or systems, leading to further increased costs. Travel-exchange company Travelex recently suffered from a crippling ransomware attack that shut down operations for weeks. Hackers demanded $6 million in payments in order to regain control over the company’s computer systems.

Data from NetDiligence indicates that ransomware events are accounting for a substantial portion of business interruption and recovery expense losses in the U.S., with professional services firms experiencing the highest incidence of such incidents.

On average, ransomware claims are very costly due to the extensive damage they cause beyond just paying out a ransom. On average, ransomware claims cost $256,000 while fraudulent funds transfer (FFT) claims average around $90,000.

Some companies are adapting to this new reality by making more sophisticated changes to their cybersecurity strategies, such as updating software, adding a backup solution and installing antivirus software. While these steps are not guarantee success, they can serve as an effective first line of defense in minimizing the risk of being hit with ransomware attacks.

Though these changes are necessary, it’s also essential to remember that ransomware and other types of cyberattacks will likely increase in frequency and severity over the next decade due to changes in the threat landscape. With an ever-increasing number of attackers entering the fray, protecting your organization becomes even more challenging in such a complex environment.

Increased Reimbursement Rates

Ransomware damage claims have caused insurance rates to skyrocket, according to a new report from London-based reinsurance firm Willis Re. Cyber insurance reinsurance rates have surged up to 40% during the recent July renewal period.

This rise is likely due to an increasing frequency of these attacks, which are proving costly for organizations. According to a survey of security professionals, 83 percent reported having suffered at least one ransomware attack within five years.

Many of these attacks are followed by prolonged downtime that can impact both employees and customers alike. For instance, a Colonial Pipeline attack shut down gasoline service to nearly half of the East Coast for six days, while ransomware at Massachusetts Steamship Authority disrupted operations, forcing ferry services to slow down.

These attacks have also prompted an uptick in the number of companies using cyber insurance and reinsurance to help cover recovery expenses from these incidents. Top sectors using such policies include professional services, health care, technology, manufacturing and retail.

As demand for ransomware-related insurance increases, it’s essential to remember that not all cyber insurance covers are created equal. Some do not adequately cover the cost of recovering data or restoring business operations after an attack.

Additionally, companies should ensure their policy includes coverage for lost income due to cyber extortion – an increasingly common occurrence in these attacks. This is especially crucial for firms with significant employee-based income tied to their business operations.

Ransomware attacks often carry high extortion demands, leaving victims with the difficult decision of whether or not to pay. Law enforcement agencies generally advise against paying, contending that not only does this encourage attackers to launch similar attacks in the future, but it may also encourage them further into financial ruin.

Many insurers are becoming more selective in their risk evaluation, employing more stringent underwriting practices and decreasing capacity. As a result, businesses find it increasingly difficult to obtain adequate cyber insurance coverage at an affordable rate.

Increased Claims Activity

Ransomware damage has driven up the costs of insurance globally, leading to premium increases of 92 percent during 2021. This marks the largest quarterly spike in cyber premiums since 9/11, according to an industry audit.

Insurers have begun tightening the terms of their policies in response to the rising cost of cyber losses. Some have begun restricting coverage for certain types of attacks or demanding that organizations make additional cybersecurity investments in order to be prepared for potential hazards in the future.

One major reason for the surge in claims activity is that companies are increasingly paying ransoms instead of waiting for their data to be recovered from systems. This strategy poses a risk, as it encourages cybercriminals to attack more frequently, leading to larger and more damaging disruptions.

Some companies are using their cyber insurance as leverage in the ransomware negotiation process, while others simply refuse to pay any demands at all. Local governments may pay the ransom because they need their data back quickly; however, other officials believe it would be too expensive and time-consuming to rebuild their systems from scratch.

Ransomware’s growing sophistication is likely to continue, which could explain why reinsurance rates are skyrocketing for some industries, according to Reuters’ recent report.

Another cause of insurance price increases is cyber insurance providers reducing coverage limits, restricting terms and raising deductibles as ransomware threats grow. Furthermore, some reinsurance firms are raising their underwriting standards for cyber insurance due to the high cost associated with ransomware damages.

Therefore, organizations must understand their coverage options and decide which policies apply to their specific circumstances and risks. Ideally, they should collaborate with a cyber insurance expert who can detect and mitigate cyber risks in advance of a ransomware incident.

It’s essential to have an effective cyber incident response plan (IRP) in place that outlines how an organization will manage a ransomware attack. It should include comprehensive policies covering all aspects of the incident, from data security to public relations issues and system downtime costs. Furthermore, having this document reviewed by an experienced insurance broker helps guarantee its terms are clear and companies have enough resources available to address potential risks.

Ammar Fakhruddin


Ammar brings in 18 years of experience in strategic solutions and product development in Public Sector, Oil & Gas and Healthcare organizations. He loves solving complex real world business and data problems by bringing in leading-edge solutions that are cost effective, improve customer and employee experience. At Propelex he focuses on helping businesses achieve digital excellence using Smart Data & Cybersecurity solutions.

Data Security Through Data Literacy

Data Security Through Data Literacy

Unlocking data security through data literacy. Explore the pivotal role of understanding data in fortifying cybersecurity measures. Data is now pervasive, and it is important for people to understand how to work with this information. They need to be able to interpret...

Trojan Rigged Tor Browser Bundle Drops Malware

Trojan Rigged Tor Browser Bundle Drops Malware

Trojan Rigged Tor Browser Bundle drops malware. Stay vigilant against cybersecurity threats, and secure your online anonymity with caution. Threat actors have been using Trojanized installers for the Tor browser to distribute clipboard-injector malware that siphons...

Siri Privacy Risks: Unveiling the Dangers

Siri Privacy Risks: Unveiling the Dangers

Unveiling Siri privacy risks: Understand the potential dangers and take steps to enhance your digital assistant's security. Siri is a great piece of technology, but it can also be dangerous to users’ privacy. This is a serious issue that should be addressed....

Recent Case Studies

Press Releases

News & Events


Managed Security Services
Security & Privacy Risk Assessment
Cloud Platform Security
Incident Response & Business Continuity

Penetration Testing

Virtual CISO

Email Security & Phishing



About Us