In 2023, organizations took an average of 32 days to restore operations after a ransomware attack.

In 2019, victims paid on average 56.9% of the initial ransom demand.

Before 2023, 62.8% of backups were affected by ransomware.

Before 2023, 37.2% of backups were not affected by ransomware.

The average duration business operations were affected by ransomware in professional services was 85 days.

Nearly half of small healthcare practices lack sufficient cyber insurance

Despite the 20% decrease from 2023, UK cyber claims in 2024 remained approximately one-third higher than the totals recorded for 2020, 2021, and 2022.

UK cyber claims in 2024 decreased by 20% compared to the spike seen in 2023.

Ransomware claims in 2024 declined by 31% compared to 2023.

BEC claims severity increased by 23% in 2024.

44% of cyber insurance policyholders that experienced a ransomware incident opted to pay the ransom when deemed reasonable and necessary.

FTF (funds transfer fraud) claims severity decreased by 46% YoY. This sharp decline followed an all-time high in 2023.

Ransomware claims severity decreased by 7% YoY.

Despite the 20% decrease from 2023, UK cyber claims in 2024 remained approximately one-third higher than the totals recorded for 2020, 2021, and 2022.

The average ransom demand in the latter half of 2024 fell below $1 million for the first time in more than two years.

59% of enterprises have adopted at least one new security solution at the request of their cyber insurance provider.

The Black Basta variant had the highest average ransom demand at $4 million.

29% of BEC events resulted in funds transfer fraud in 2024.

Despite the decline from 2023, ransomware claims in 2024 remained approximately double the totals recorded for 2020, 2021, and 2022.

Extortion (including ransomware) was the primary cause of cyber losses, accounting for 28% of claims.