Ransomware demands are up more than 500%, the latest concern for insurers

Ransomware attacks aren’t just becoming more frequent, they’re getting more expensive.

Scammers demanded an average payment of $5.3 million from hacking victims through the first six months of 2021, though extortion victims paid a median fee in the hundreds of thousands of dollars, according to a new report from the insurer Allianz.

The $5.3 million average represents a 518% increase from the 2020 figure, driven in part by demands to pay up to $50 million after a data breach. The highest demand last year was for $30 million, according to the latest report, which did not identify affected organizations by name. Victims paid an average of $570,000 during the first six months, compared to $312,000 in 2020, Palo Alto Networks said.

The figures, published Thursday by Allianz, represent the latest glimpse into how ransomware attacks are becoming exponentially more expensive as victim organizations look to insurance providers to cover the breach, extortion payments, business interruption and ensuing remediation efforts. Major breaches in 2021 — such as hacks on Colonial Pipeline, JBS and the IT provider Kaseya — have generated more attention on the issue, including a White House summit of some 30 nations aimed at curbing such hacks.

“The claims environment and the cyber threat environment is considerably worse than it was a few years ago,” Scott Sayce, global head of cyber at Allianz Global Corporate and Speciality, said in the company’s report.

The number of ransomware claims has accelerated over the past two years, Allianz said, with the number of incidents in the first six months of 2021 exceeding the figure of all of 2019. External events, such as hacks and distributed denial-of-service incidents, account for 81% of cyber claims, the company added. Malicious internal action, such as a breach originating with a disgruntled employee, were at the root of 10% of claims, while accidental causes, like an outage or human error, were behind 9% of claims.

Insurance companies have for years sought to raise red flags about the direction of the ransomware trend, which has quickly emerged as an expensive drain on providers. San Francisco-based Coalition warned last year that nearly half of the cyber-insurance claims filed during the first half of 2020 were based on ransomware attacks. Beazley, another provider, said in 2019 its client base endured an 131% uptick in ransomware hacks from the year before.