Ransomware Attacks On The Decline, Corvus Insurance Finds

Declining ransomware attacks? New research from Corvus Insurance says reports of ransomware attacks are down, with payout totals also declining

New research from Boston-based Corvus Insurance has found that the rate of ransomware attack claims is falling, reaching in Q4 2021 just half of the peak seen in Q1 2021.

The surprise findings were revealed in the second Corvus Risk Insights Index, a compilation of industry trends and data analysis based on the company’s security scanning technology.

It is fair to say that ransomware attacks have been the bane of security professionals for a number of years now. Indeed, research earlier this month from Vectra found that the strain on IT departments is such that 50 percent of security leaders are ready to throw in the towel.

Ransomware decline?

The Corvus Risk Insights Index points out one of the best indicators of overall cybercrime activity is the rate of ransomware claims in the Corvus book of business.

Based on Corvus’s claims data, after all of the dire headlines throughout 2021, the end of the year presented signs of improvement, the firm said.

  • It found that in Q4 (2021), the rate of ransomware claims reached just half of the peak seen in Q1 2021 – decreasing from 0.6 percent to 0.3 percent.
  • While the Q3 2021 average ransom paid was atypically high, the average of ransoms paid by quarter across the whole of 2021 was ~$167k, 44.2 percent less than the Q3 figure.
  • Overall, fewer ransoms are being paid compared to those demanded. The percentage for the last quarter of 2021 held steady in the low twenties, down significantly from figures that once were over 50 percent. As recently as Q3 2020, the ratio was 44 percent.

So what has triggered the decline? Are businesses and organisations finally getting savvy to the threats and improving their cyberdefences? Well, yes, it seems.

“This decrease in cost and severity can be partially attributed to underwriting entities requiring stronger backups for insurance coverage, which is helping to drive the broader trend toward more sophisticated and resilient approaches to mitigating ransomware risk,” Corvus stated.

The data also revealed spikes in claims tied to major cybercrime events including the Microsoft Exchange Server vulnerability and the Kaseya ransomware attack.

Russia invasion

Meanwhile, more recent data in Corvus’s Risk Insights Index touched on Russia’s ongoing invasion of Ukraine, which has included a hybrid warfare model involving cyber attacks against public and private sector organisations.

While attacks have led to increased concerns over potential collateral damage, Corvus observed a 30 percent reduction in ransomware claims frequency from Q4 2021 to Q1 2022 (through to 15 March), highlighting the fractured ransomware threat ecosystem during a time of war.

The overall severity of ransomware costs by industry also shifted significantly over the past year.

  • The average claim reached nearly $400,000 within the professional services industry in Q4 2021, by far the highest in that timeframe.
  • Healthcare, which saw an alarmingly high average in claim severity to start the year, has returned to a historically low average, with zero ransomware claims recorded in Q4 2021.

And it seems that SMBs are still playing catch up in cybersecurity matters.

  • Only 8 percent of the smallest businesses (with <50 employees) have a dedicated cybersecurity budget.
  • Among the largest businesses within the surveyed group – those with 250 or more employees – 18 percent reported having a dedicated cybersecurity budget.
  • Spend on cybersecurity is expected to increase. Sixty percent of participants stated that their security spending is expected to increase with support from their CEO and senior management.
  • Of the participants who stated that they need help with security improvements, 72 percent were companies that lacked a CISO – reinforcing the idea that a CISO can play a large part in improving security posture.

“We are in the midst of a critical and challenging time for security professionals,” said Phil Edmundson, founder and CEO of Corvus Insurance.

“As the security landscape shifts and threat actors continue to evolve their attacks, this report provides the data-driven analysis critical for organisations to navigate and prepare for adverse events in this new cyber age,” said Edmundson.

Turning point?

Meanwhile a security expert noted the Corvus research and said it could indicate that businesses are starting to learn the lessons after suffering an attack.

“These figures could suggest we are at a turning point where businesses have improved their cyber protection and plugged many of the gaps, often found from their own previous mistakes,” noted Jake Moore, global cybersecurity advisor at ESET.

“Once a business has been infected by ransomware the whole company realises the importance of security and often then changes its ways,” said Moore. “Although not always the case, the majority of targeted companies act upon ransomware attacks and therefore, once they have been infected, the likelihood of a secondary attack is presumed less likely.”

“It is expected that ransomware will continue but the gaps and vulnerabilities to target will inevitably get smaller as time goes on but there will sadly never be a time when companies can remove the worry of a potential attack completely,” Moore concluded.