A Cyber Insurer's Perspective on How to Avoid Ransomware


In 2023, the cybersecurity landscape saw a resurgence of ransomware attacks, with a 27% increase in frequency during the first half of the year compared to the second half of 2022. May witnessed the highest number of ransomware claims in a single month in Coalition history. Ransomware also became the leading contributor to the overall increase in claims frequency, comprising 19% of all reported claims.

The severity of ransomware attacks reached a record high in the first half of 2023, with an average loss surpassing $365,000—an alarming 117% increase within one year. The average ransom demand rose to $1.62 million, reflecting a 74% increase over the past year. Businesses with over $100 million in revenue experienced the highest increase in both claims frequency (20%) and severity (72%).

Analyst Comments:
Contributors to the resurgence included Royal ransomware, which was responsible for 12% of reported ransomware claims in the first half. Coalition's April 2023 alert to policyholders highlighted the increased risk posed by this sophisticated malware, with associated ransom demands reaching $2 million. Cases tied to the Cl0p ransomware gang, which exploited a zero-day vulnerability in MOVEit, were notable for data exfiltration rather than encryption. The Cl0p gang compromised numerous organizations globally, underscoring the impact of the MOVEit vulnerability on third-party users.

The summary provided in this analysis was gathered from Coalition's “2023 Cyber Claims Report: Mid Year Update.” The PDF is available here:


Suggested Corrections:

  • Consistently create offline backups of important data: Offline backups are crucial for restoration without succumbing to ransom demands, as attackers often threaten to leak sensitive information.
  • Regularly patch all software and firmware: Maintaining a regular patching cadence and promptly addressing critical vulnerabilities is essential, given that ransomware often exploits outdated software.
  • Reduce the overall attack surface: Deprecating legacy and risky technologies, avoiding end-of-life (EOL) software, and removing technologies with known vulnerabilities help reduce the likelihood of cyber claims.