The cost of a cyber claim for small business increased by 58% in 1H2022

The cost of a cyber claim for small business owners increased by 58% in 2022, compared to the same period the year before.

That statistic comes in insurance provider Coalition’s twelve-page 2022 Cyber Claims Report: Mid-Year Update, which says that the average cost of such a claim has now reached $139,000.

However, the insurance industry have seen a decrease in ransomware attack frequency and the amount of ransom demanded between the 2021 and the 2022.

Ransomware demands decreased from $1.37m in 2021 to $896,000 in 2022. Of the incidents that resulted in a payment, Coalition said it negotiated down to roughly 20% of the initial demand.

Across industries, we continue to see high-profile attacks targeting organizations with weak or exposed infrastructure — which has become exacerbated by today’s remote working culture and companies’ dependence on third-party vendors.

Catherine Lyle, head of claims at Coalition

Small businesses are especially vulnerable because they often lack resources. For these businesses, avoiding downtime and disruption is essential, and they must understand that Active Insurance is accessible.

Coalition also say that most cyber incidents are triggered by phishing, accounting for 57.9% of claims, with funds transfer fraud (FTF) holding steady. The frequency of such claims, according to Coalition, has remained consistent at 0.59% in H1 2021, 0.61% in 2021, and 0.58% in 2022.

However, FTF severity has increased by 3% in the same period, continuing the 3-year trend of increasing FTF claims costs.

The persistent vulnerability, said the firm, has been Microsoft Exchange.

In 2021, Microsoft disclosed an exploitable condition (ProxyLogon) that was found in publicly accessible Microsoft Exchange servers. During this time, approximately 1,000 Coalition policyholders were affected. Coalition were able to notify and remediate the vulnerability for 98% of impacted policyholders within a week of the disclosure.”

In August of 2021, another vulnerability related to on-premises Exchange (ProxyShell) was discovered. Coalition developed a dedicated scanning module to handle Exchange events, which can report on the version of Exchange an organization is running.

Since the discovery of this vulnerability, smaller organisations with on-premise Microsoft Exchange were 119% more likely to incur a claim than those using Exchange Online.

Claims severity decreased by 8% for 2022 (compared to 2021) to an average loss of $175,258, and claims frequency decreased by 7% over the same period.

Manufacturing and industrial businesses related to the supply chain continue to top the charts as the most targeted industries. The data also shows a staggering 57% increase in claims frequency for non-profit policyholders.

by Peter Sonner