Cyber insurance costs fall in 2023 despite steep rise in ransomware attacks


Cyber insurance pricing is down by 9% in 2023 following an all-time high at the end of 2022, despite ransomware activity having increased 48% year on year (YoY).

The figures reflect the shock the cyber insurance market absorbed during 2020 and 2021, when ransomware frequency and severity escalated sharply. The result was that the cost of cyber cover more than doubled.

The picture in 2023 is more nuanced, according to a report published by the Howden Group. Activity relented in 2022 - a period in which companies implemented mitigations and risk controls - before surging again in 2023.

However, strengthened defenses have paid dividends and the report noted that “resurgent ransomware activity in the first half of the year has so far not been accompanied by a corresponding rise in losses or claims”.

The effect of this is that despite the uptick in ransomware activity, cyber insurance premiums are remaining flat or even decreasing from their historic highs.

The report described the surge in ransomware during 2020 and 2021, attributed in part to the availability of low-cost ransomware kits, as “unlike anything experienced previously”.

At one point in 2021, ransomware incidents were up by 390% compared to a Q1 2019 baseline. The result was what the report described as a “major market correction”.

After 18 months of relative calm for the cyber insurance market, optimism around a drop in claims and a return to competition was tempered by an increase in global ransomware attacks - up 47% in the first quarter of 2023 compared to the same period in 2022.

The average US ransomware payment also went up by 55% YoY.

Ransomware gangs have been accelerating their activity after a year of comparatively smaller gains. Average ransom payments in early 2023 were nearly double those of the previous year, and 40% of companies surveyed reported payments of $1 million, compared with 11% in 2022.

Cyber criminal groups are paying more attention to an organization’s ability to pay than to the security measures it has in place, according to the report.

Mounting issues with cloud outages

Away from ransomware, the report also highlighted the potential for businesses to become more exposed to spiraling losses from interruptions in the digital supply chain, not all of which are caused by attackers.

Jonathan Hatzor, CEO at Parametrix Insurance, said: “The cloud goes down almost every day”.

He noted that the big three cloud vendors tended to report only major disruptions, and that the most commonly reported cause of outages was human error.

The resulting financial and reputational costs from such incidents can be severe.

Estimates vary with the research and the type of customer, but an organization’s financial loss from a major outage at one of the big three hyperscalers could range from a few thousand dollars an hour to more than $300,000 an hour.

“Cyber supply chain risk is something that companies operating in all sectors and geographies need to measure, manage, and mitigate,” said Hatzor.

War exclusions

Finally, the war exclusions issue in cyber insurance has focused minds, as insurers clarify their positions on cyber warfare and buyers check that their existing levels of protection will be maintained.

Earlier this year, the Lloyd’s of London insurance market introduced ‘war exclusions’ into the cyber policies written by its syndicates, attracting criticism from the industry.

The new wording from Lloyd’s and the broking community means losses will not be covered if they arise from a physical war, from a cyber attack carried out as part of a physical war, or “from a state-sponsored cyber attack that causes a major detrimental impact to the essential services required for the functioning of a sovereign state”.

While the clause might sound initially alarming, the report noted that “cyber insurers have confirmed that they do not consider any attack to date, including NotPetya, would be of sufficient scale to trigger the exclusion”.

Richard Speed
Staff Writer

Richard Speed is an expert in databases, DevOps, and IT regulations and governance. He was previously a Staff Writer for ITPro, CloudPro and ChannelPro before going freelance. He first joined Future in 2023, having worked as a reporter for The Register. He has also attended numerous domestic and international events, including Microsoft’s Build and Ignite conferences and both the US and EU editions of KubeCon.

Prior to joining The Register, he spent a number of years working in IT in the pharmaceutical and financial sectors.