Skip to main content
HomeTopicsCyber Claims

Cyber Claims

Cybersecurity statistics about cyber claims

Showing 61-80 of 85 results

For data breach cases where the attacker was detected by a third-party, it took an average of 91 days to notice the attacker since 2019.

AXA XL9/9/2025
Cyber insuranceCyber claims

Data breach response / crisis management coverage was triggered in 24.5% of all claims overall, with a slightly higher incidence in excess claims (26.7%) compared to primary claims (23.6%).

AXA XL9/9/2025
Cyber insuranceCyber claims

Extortion coverage was triggered in 11.9% of all claims, showing a significant difference between primary claims(15.6%) and excess claims (3.3%), indicating it is far more common at the primary layer.

AXA XL9/9/2025
Cyber insuranceCyber claims

Other insuring agreements (average) were triggered as the main driver of loss in 1.6% of claims, triggered with some loss impact in 1.4%, triggered with no loss impact known in 0.5%, and not triggered in 96.6%.

AXA XL9/9/2025
Cyber insuranceCyber claims

2018: 46.2% of large losses came from other causes, 37.9% from data breaches, and 15.9% from ransomware. Ransomware started to emerge as a meaningful driver of big cyber claims.

AXA XL9/9/2025
Cyber insuranceCyber claims

In 2020, victims paid on average 37.4% of the initial ransom demand.

AXA XL9/9/2025
Cyber insuranceCyber claims

Average initial ransom demand (based on all cases with ransom demand) in 2023: $32.25 million.

AXA XL9/9/2025
Cyber insuranceCyber claims

In 24.6% of large ransomware claims, attackers used phishing to infiltrate systems.

AXA XL9/9/2025
Cyber insuranceCyber claims

In 2022, victims paid on average 42.0% of the initial ransom demand.

AXA XL9/9/2025
Cyber insuranceCyber claims

The average duration business operations were affected by ransomware in retail was 32 days.

AXA XL9/9/2025
Cyber insuranceCyber claims

Extortion was triggered as the main driver of loss in 11.9% of claims (primary 15.6%, excess 3.3%), triggered with some loss impact in 11.6%, triggered with no loss impact known in 9.6%, and not triggered in 66.9%.

AXA XL9/9/2025
Cyber insuranceCyber claims

2020: 27.3% of large losses came from other causes, 29.2% from data breaches, and 43.4% from ransomware. Ransomware remained a dominant source of costly claims.

AXA XL9/9/2025
Cyber insuranceCyber claims

2019: 28.1% of large losses came from other causes, 29.2% from data breaches, and 45.1% from ransomware. Ransomware surged and became the leading cause of major cyber claims for the first time.

AXA XL9/9/2025
Cyber insuranceCyber claims

Ransomware incidents often lead to significant business interruptions, with some level of systems shutdowns occurring in approximately 92% of these cases.

AXA XL9/9/2025
Cyber insuranceCyber claims

For data breach cases where the attackers themselves disclosed the breach, it took an average of 38 days to notice the attacker prior to 2019.

AXA XL9/9/2025
Cyber insuranceCyber claims

Between 2019 and 2023, professional services experienced large losses primarily from ransomware (75.0%), followed by data breaches (14.3%) and other causes (10.7%).

AXA XL9/9/2025
Cyber insuranceCyber claims

Companies with revenues up to $250M had an average relative frequency of large claims on primary policies of 0.45.

AXA XL9/9/2025
Cyber insuranceCyber claims

2010–2017: 62.3% of large cyber losses came from other causes, 37.7% came from data breaches, and ransomware caused 0.0% of major losses. At this stage, ransomware claims were rare, and most large claims stemmed from breaches and miscellaneous incidents.

AXA XL9/9/2025
Cyber insuranceCyber claims

Average initial ransom demand (based on all cases with ransom demand) in 2022: $21.46 million.

AXA XL9/9/2025
Cyber insuranceCyber claims

The average duration business operations were affected by ransomware in technology was 57 days.

AXA XL9/9/2025
Cyber insuranceCyber claims