2023: 24.0% of large losses came from other causes, 13.3% from data breaches, and 62.8% from ransomware. Ransomware reached a record high, driving almost two-thirds of the largest cyber insurance payouts.

In 2023, only 11.1% of backups were affected by ransomware.

In 2021, victims paid on average 33.9% of the initial ransom demand.

Between 2019 and 2023, other sectors experienced large losses primarily from ransomware (53.1%), followed by data breaches (25.0%) and other causes (21.9%).

The average duration business operations were affected by ransomware in health care was 70 days.

Ransomware claims accounted for 54.3% of cyber claims in the sample for the period of 2019 and onwards.

Average initial ransom demand (based on all cases with ransom demand) in 2022: $21.46 million.

In 2021, organizations took an average of 77 days to restore operations after a ransomware attack.

Businesses typically required around two full months to restore operations following a ransomware attack.

Between 2019 and 2023, retail experienced large losses primarily from ransomware (50.0%), followed by other causes (30.0%) and data breaches (20.0%).

2021: 29.7% of large losses came from other causes, 23.7% from data breaches, and 46.6% from ransomware. Ransomware overtook all other causes and drove nearly half of the biggest cyber claims.

Between 2019 and 2023, professional services experienced large losses primarily from ransomware (75.0%), followed by data breaches (14.3%) and other causes (10.7%).

37.2% of large losses came from other causes, 16.0% from data breaches, and 46.6% from ransomware. While other causes ticked up, ransomware continued to generate nearly half of the most expensive claims.

Ransomware incidents often lead to significant business interruptions, with some level of systems shutdowns occurring in approximately 92% of these cases.

2018: 46.2% of large losses came from other causes, 37.9% from data breaches, and 15.9% from ransomware. Ransomware started to emerge as a meaningful driver of big cyber claims.

2010–2017: 62.3% of large cyber losses came from other causes, 37.7% came from data breaches, and ransomware caused 0.0% of major losses. At this stage, ransomware claims were rare, and most large claims stemmed from breaches and miscellaneous incidents.

2019: 28.1% of large losses came from other causes, 29.2% from data breaches, and 45.1% from ransomware. Ransomware surged and became the leading cause of major cyber claims for the first time.

In 2022, organizations took an average of 43 days to restore operations after a ransomware attack.

In 2023, 88.9% of backups were not affected by ransomware.

Between 2019 and 2023, healthcare experienced large losses primarily from ransomware (57.1%), followed by data breaches (28.6%) and other causes (14.3%).