Report: Cybercrime ‘A Thriving Business,’ as U.S. Claims Frequency Rises

Cyber claims frequency in the U.S. rose 13% last year, a new report shows.

Coalition this week released its 2024 Cyber Claims Report, which includes data and case studies from organizations across the country.

The report portrays cybercrime as “a thriving business that adversely impacts” the economy. In 2023, there were more than 880,000 complaints sent to the Federal Bureau of Investigation with complaints of cybercrime and reported losses totaling $12.5 billion, according to the report.

Although overall claims severity decreased in the latter half of the year, it did not offset a first-half spike driven by increased ransomware claims, the report shows.

Frequency/Severity

Last year, claims frequency remained below the historic high of 2021, yet overall claims frequency increased by 13% year-over-year in 2023. The overall claims severity rose 10% year-over-year, with an average loss of $100,000 due to the surge of ransomware claims in the first half of the year, according to the report.

More than half (52%) of all reported cyber matters were handled without any out-of-pocket payments by the policyholder, the report shows.

Coalition representatives Rob Jones, head of claims, Shelley Ma, incident response lead, and Mike Volk, senior product marketing manager, hosted a webinar after the release of the report to break down trends and cyber claims.

“Severity stabilized in the latter half of the year after a volatile start,” Jones said. “After spiking to an average loss amount of more than $236,000 in the first half 2023, businesses with more than $100 million of revenue saw severity cut in half, but still a 21% increase year-over-year.”

Claims frequency rose across businesses of all revenue amounts. Businesses with between $25 million and $100 million in revenue saw a 32% increase. Frequency for businesses with more than $100 million rose 14%, while businesses with less than $25 million in revenue experienced an 8% increase, the report shows.

The report shows ransomware accounted for 19% of reported claims, making it historically the largest source of claims severity.

“The ransomware variants that drove losses shifted,” the report states. “LockBit ransomware had two variants that appeared in the second half of the year. Among Coalition policyholders, LockBit 3.0 accounted for 12.9% of all ransomware claims and LockBit 2.0 accounted for 2.09% of claims. Notably, the LockBit ransomware gang was briefly taken offline by law enforcement in early 2024 before reappearing three days later.

A report from Cybereason in March compiled from surveys with more than 1,000 IT professionals showed ransomware attackers are using a multitude of techniques to gain access in attacks that are becoming “more frequent, more sophisticated, and more effective.”

The Coalition report shows funds transfer fraud (FTF) frequency rose 2%, while FTF initial severity increased 24% year-over-year to an average loss of more than $278,000.

Claim frequency for “other events” (such as errors, legal, privacy, media, third-party compromise), increased by 21% year-over-year, while severity for “other events” increased by 28% to an average loss of more than $53,000, the report shows.

While claims related to business email compromise (BEC) fell 8%, cybersecurity trends point to threat actors using generative artificial intelligence (AI) tools to launch more sophisticated attacks.

“Phishing emails are becoming more credible and harder to detect, and threat actors are believed to be using AI to parse information faster, communicate more efficiently, and generate campaigns targeted toward specific companies — all of which may contribute to increases in FTF claims,” the report states.

Proactive Steps

The report calls out the advantages of proactive steps, and best practices. For example, it shows that businesses that use a boundary device to protect their network – if their best practices include updating firmware and monitoring all endpoints – are able react quickly if the boundary device has been compromised.

These technologies are critical to business operations. However, these devices are also often prime targets for threat actors, the report shows.

“These tools are considered indispensable for managing cyber threats, and yet at the same time our research has found a concerning trend that certain boundary devices with known vulnerabilities could actually increase the likelihood of a cyber claim,” Ma said. “The findings of our claims report were eye-opening, especially regarding the increased risk that’s faced by organizations using boundary devices such as firewalls and VPNs.”

The report shows relative claims frequency for Coalition policyholders using Cisco Adaptive Security Appliance (ASA) devices, which both enable remote access and protect networks with firewall, antivirus, intrusion prevention, and VPN capabilities, surged in 2023.

Businesses with internet-exposed Cisco ASA devices were nearly five times more likely to experience a claim in 2023, up from being roughly two-and-a-half times more likely to experience a claim in the previous two years.

“Several critical vulnerabilities impacting Cisco ASA devices were discovered in 2023, likely contributing to the increased relative frequency,” the report states. “Security researchers discovered that the ransomware gang Akira was actively exploiting a Cisco ASA vulnerability from 2020, which posed a significant risk for businesses that has continued into 2024.”

Fortinet, which offers a variety of boundary devices, are often exploited by threat actors because of the level of privileged access that can be gained by compromising them. Businesses with internet-exposed Fortinet devices were twice as likely to experience a claim in 2023, according to the report.

“Policyholders using internet-exposed Remote Desktop Protocol (RDP) were two-and-a-half times as likely to experience a claim in 2023,” Ma said.

Balaoro is a student at California State University, Long Beach, who is working as an intern for Wells Media Group.