Only 23% of clients impacted by a cyber extortion event in 2023 paid the ransom, even as the number of cyber extortion events soared to 282, according to a report Tuesday by Marsh.
The report analyzed more than 1,800 cyber claims submitted to Marsh in the U.S. and Canada last year, according to a statement issued with the report.
The proportion of clients rejecting ransomware demands increased to 77% in 2023 from just 37% in 2021, report data showed.
As the number of payors declined, however, the median payment increased, to $6.5 million in 2023 from $335,000 in 2022, and the median demand increased to $20 million from $1.4 million, the report said.
Overall, 21% of Marsh clients that purchased a cyber policy reported an event in 2023. The health care and communications sectors are those with the most claims annually, the report said.
While ransomware represented less than 20% of claims reported, “it remains a top concern for organizations given their increased frequency, sophistication, and potential severity,” the report said.
The report recommends companies have a “cyber resilience strategy that incorporates a view of cyber risk across the enterprise, including its potential economic and operational impact.”
Meredith Schnur, cyber practice leader at Marsh, U.S. and Canada, said in the statement that “it is imperative for clients to adopt a proactive stance in safeguarding themselves.”
