Executive Summary
In this first report of 2022, Corvus experts — including data scientists, underwriters, cybersecurity professionals, and claims managers — reflect on the past year, current trends, and what we expect to see in the remainder of 2022. You’ll find updates to findings shared in our Fall 2021 mid-year report, as well as new data gathered in a recent survey of Corvus policyholders. Our hope is that by sharing these insights, we can continue to make the world a safer place, mitigating adverse events and overall risks for our policyholders as well as anyone seeking to protect their business, employees, and customers from cyber threats.
Key Takeaways
- A key finding from the last Cyber Risk Insights Index holds true: over time, a smaller share of ransoms demanded are ultimately paid by victims.
- A sudden spike in ransomware claims doesn’t necessarily lead to higher, or even equal, severity (cost) of those claims.
- The professional services industry saw increased ransomware response costs, while the social services and education industries saw a decrease in costs.
- Small- and medium-sized businesses (SMBs) expect to increase their spending on cybersecurity. Yet reasons differ within the segment: companies with fewer than 50 employees are most concerned with staying current on new threats, while larger organizations are most concerned with impacts from breaches on their third-party vendors.
- Security needs are always evolving: organizations, no matter the size, should never consider themselves “done” with implementation. An on-staff CISO can help companies stay ahead of needs and bridge the gap between technologists and business-focused executives.
Table of Contents
Impact of Zero-Days & Third-Party Risk
Updates on Ransom Severity
Sneak Preview: Q1 2022 Claims Indicators
Data Exfiltration Trends
Cybersecurity Concerns
Budget
Organizational Support
Factors Preventing Improvements