<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=1354242&amp;fmt=gif">

New Corvus Insurance Data Reveals Ransomware and Fraudulent Funds Transfer Represent More Than Half of All Claims

Corvus Risk Insights Index™ findings show fraudulent funds transfer claims reached an all-time high, making up 36% of the company’s cyber claims in Q3 2022

BOSTON (December 7, 2022) — Corvus Insurance, the leading provider of Smart Cyber Insurance® products powered by AI-driven risk data, today released findings from its third Corvus Risk Insights Index™, a compilation of industry trends and data analysis. The report’s findings are drawn from sources of data that Corvus uses to power its underwriting and proactive risk mitigation measures that help its policyholders improve their cybersecurity posture. These sources include the company’s proprietary IT security scanning technology and detailed claims reporting.

Corvus Risk Insights Index™ Trends and Data Analysis

The report compares top cyber risks from the evolving threat landscape. Notably, Corvus found that Fraudulent Funds Transfer (FFT) continues to generate substantial losses for organizations, comprising 36% of all claims in Q3 2022. FFT is defined as an attack in which threat actors use social engineering tactics to trick employees or vendors into transferring funds to the wrong accounts.

Additional Fraudulent Funds Transfer findings include:

  • FFT and ransomware are the top drivers of cyber loss in 2022, accounting for over 50% of all claims combined.

  • The increasing rate of FFT incidents signals a continued susceptibility to Business Email Compromise (BEC)

  • The proportion of ransomware incidents targeting the U.S. declined in early 2022, but average claim costs remained high, at nearly three times the average of an FFT claim.

“Global cybercrime is growing more complex by the day, presenting security leaders with new challenges. With the power of security insights and dynamic claims data feeding Corvus’s technologies, we can help our policyholders improve their cybersecurity posture by informing them of emerging threats and best practices,” said Jason Rebholz, Chief Information Security Officer at Corvus Insurance. “While ransomware continues to be a dominant risk, we are seeing tactics change, including the rise of other forms of extortion as well as funds transfer fraud. The findings from our report serve as a reminder to all security leaders that cybersecurity is fluid and attackers will shift their methods, even revisiting old tactics, so long as they continue to reap financial benefits.”

The latest Corvus Risk Insights Index™ focuses on key cybersecurity findings, including:

  • What cybercrime tactics are most consistent over time

  • Which are rising and fading in popularity

  • How costs have changed

Main Drivers of Cyber Loss: FFT & Ransomware

It’s expected that ransomware and FFT are to remain the top drivers of cyber loss, as Corvus data shows that ransomware and FFT are the two most consistent tactics of choice for threat actors, together representing more than half of all Corvus claims. FFT emerged as a top driver of cyber loss over the past year in terms of frequency, while ransomware remained by far the most costly category of cyber claims.

  • FFT accounts for 28% of cyber claims in Corvus’s book of business, all-time, while ransomware comprises 23%.
  • The average claim for FFT — $90,000 — is a fraction of the ransomware average, $256,000.
    • The total cost of claims, all-time, for ransomware is nearly three times that of FFT  because claims resulting from FFT incidents do not typically involve costly data restoration, system recovery, business interruption, or breach response efforts that are commonly required following ransomware attacks.

  • In 1H 2022, the percentage of ransomware claims remained at 34%, but the average ransom paid (a component of the overall claim cost) ticked up 4% to $255,000.
  • The impact and consistency of FFT has continued to grow, accounting for 36% of all claims in the last quarter (Q3 2022), an all-time high. This metric has not dipped below 25% of claims for the past six quarters.

Business Email Compromise (BEC) is on the Rise: The Root Cause of FFT Incidents & Other Cybercrime

The rise in FFT incidents is linked to BEC, with FFT making up more than half of all BEC-related claims. BEC can result in an email account takeover, whereby threat actors trick employees into giving up their account credentials and gain access to employees’ inboxes — which is particularly effective for FFT.

Additionally, third-party attacks, FFT, and ransomware were the top risk trends that led to cybercrimes in 2022 compared to 2021.

  • FFT represents 70% of all BEC-related claims, showing that it’s the most effective way for threat actors to monetize social engineering attacks.
  • BEC represented more than 4 in 10 claims in H2 2021, rising about 10% to reach 45% of claims in H1 2022.
  • Corvus observed a 66% increase in third-party breaches in 2022, including a 20% increase in the share of third-party ransomware attacks.

Data Theft: The Evolving Face of Extortion

While there were fewer ransomware claims in the first half of 2022, a larger percentage of claims involved data exfiltration, a tactic used to increase leverage over the victim companies. The threat of stolen data is not limited to the victim's IT system — it can harm an organization's brand reputation and increase liability for exposure of sensitive information.

  • Data exfiltration saw a 25% increase from H2 2021 to H1 2022.
  • Now occurring on nearly 50% of ransomware claims, a historic high, the rate of data exfiltration (theft) shows that attackers are attempting to generate additional points of leverage to increase the likelihood of a ransom payment.

“It’s vital that the cybersecurity and insurance industries stay connected to remain agile in the changing threat landscape,” said Rebholz. “Rising instances of data exfiltration show that cybercriminals will respond quickly to thwart security professionals, and identify creative ways to increase leverage in ransom negotiations. Insurers have visibility into these changes, enabling us to take an informed, proactive approach with our brokers, policyholders, and partners. It’s Corvus’s responsibility as a leading insurtech to not only make our policyholders safer, but also to help empower the industry at large to make the world a safer place.” 

You can access the full Corvus Risk Insight Index™ here. To learn more about Corvus, please visit https://www.corvusinsurance.com.

View the original press release on BusinessWire.

About Corvus Insurance

Corvus Insurance, a wholly owned subsidiary of The Travelers Companies, Inc., is building a safer world through insurance products that help to reduce cyber risk for policyholders. Corvus Insurance's Smart Cyber Insurance® and Smart Tech E+O® products include broad coverage, in-house claims handling, and risk prevention services that help prevent cyberattacks through threat alerts for policyholders and the partnership of our in-house cybersecurity experts. 

Corvus Insurance offers insurance products in the U.S., Middle East, Europe, Canada, and Australia. Corvus Insurance, Corvus London Markets, and Corvus Germany are the marketing names used to refer to Corvus Insurance Agency, LLC; Corvus Agency Limited; and Corvus Underwriting GmbH. All entities are subsidiaries of Corvus Insurance Holdings, Inc. For more information, visit corvusinsurance.com.

Recent Articles

Global Ransomware Attacks, Demands and Payments Rose in Second Quarter According to Corvus Insurance Cyber Threat Report


Q2 2024 Sets Record for Second Most Global Ransomware Attacks in a Quarter, Average Ransom Demand Soars by 102%. Keep reading to learn more.

Corvus Insurance Doubles Underwriting Offering, Expands Small Business Cyber Offering


Full transition to Travelers Excess and Surplus Lines paper completed.

Q1 2024 Sets Record for Most Global Ransomware Attacks in a First Quarter: New Corvus Insurance Ransomware Report


An unprecedented 18 new ransomware leak sites emerged over Q1 2024. Learn more about recent ransomware trends and activity in our press release.