Business interruption coverage was triggered in 17.5% of all claims, occurring more frequently in excess claims(23.3%) than in primary claims (15.1%).

In 2019, organizations took an average of 76 days to restore operations after a ransomware attack.

Privacy and cyber security coverage was triggered in 13.2% of all claims, with a higher prevalence in excess claims(22.2%) compared to primary claims (9.4%).

In 49.2% of large ransomware claims, attackers gained access by exploiting system vulnerabilities.

Companies with revenues between $500M and $750M had an average relative frequency of large claims on primary policies of 1.40.

Companies with revenues between $750M and $2B had an average relative frequency of large claims on primary policies of 1.80.

Companies with revenues above $2B had an average relative frequency of large claims on primary policies of 1.86.

2021: 29.7% of large losses came from other causes, 23.7% from data breaches, and 46.6% from ransomware. Ransomware overtook all other causes and drove nearly half of the biggest cyber claims.

In 14.3% of cases prior to 2019, the source of detection was miscellaneous or unknown.

In 2021, organizations took an average of 77 days to restore operations after a ransomware attack.

The maximum DDoS attack duration in June 2024 was only 73 minutes.

Ransomware claims accounted for 54.3% of cyber claims in the sample for the period of 2019 and onwards.

The average duration business operations were affected by ransomware in health care was 70 days.

51% of all organizations actively pursuing CMMC 2.0 certification managing international data flows report increased complexity in policy development and control implementation.

88% of all incurred losses from AXA XL cyber claims over the last decade arise from claims that surpass $1 million, suggesting that a relatively small number of large claims are responsible for the majority of cyber losses.

2023: 24.0% of large losses came from other causes, 13.3% from data breaches, and 62.8% from ransomware. Ransomware reached a record high, driving almost two-thirds of the largest cyber insurance payouts.

Manufacturing faced several ransomware incidents, generating cyber insurance claims averaging over $1 million in severity.

In 2021, victims paid on average 33.9% of the initial ransom demand.

Data breach response / crisis management was triggered as the main driver of loss in 24.5% of claims (primary 23.6%, excess 26.7%), triggered with some loss impact in 27.5%, triggered with no loss impact known in 3.6%, and not triggered in 44.4%.

Average initial ransom demand (based on all cases with ransom demand) in 2020: $11.25 million.