Executive Summary

In this first report of 2022, Corvus experts — including data scientists, underwriters, cybersecurity professionals, and claims managers — reflect on the past year, current trends, and what we expect to see in the remainder of 2022. You’ll find updates to findings shared in our Fall 2021 mid-year report, as well as new data gathered in a recent survey of Corvus policyholders. Our hope is that by sharing these insights, we can continue to make the world a safer place, mitigating adverse events and overall risks for our policyholders as well as anyone seeking to protect their business, employees, and customers from cyber threats.

Key Takeaways

  • A key finding from the last Cyber Risk Insights Index holds true: over time, a smaller share of ransoms demanded are ultimately paid by victims.
  • A sudden spike in ransomware claims doesn’t necessarily lead to higher, or even equal, severity (cost) of those claims.
  • The professional services industry saw increased ransomware response costs, while the social services and education industries saw a decrease in costs.
  • Small- and medium-sized businesses (SMBs) expect to increase their spending on cybersecurity. Yet reasons differ within the segment: companies with fewer than 50 employees are most concerned with staying current on new threats, while larger organizations are most concerned with impacts from breaches on their third-party vendors.
  • Security needs are always evolving: organizations, no matter the size, should never consider themselves “done” with implementation. An on-staff CISO can help companies stay ahead of needs and bridge the gap between technologists and business-focused executives.

Table of Contents

Impact of Zero-Days & Third-Party Risk

Updates on Ransom Severity

Data Exfiltration Trends

Cybersecurity Concerns


Organizational Support

Factors Preventing Improvements