Corvus Insurance reports ransomware attacks are down from recent peaks

April 18, 2022
Corvus Risk Insights Index finds 2021 average ransoms paid by quarter was $167K, down 44.2% highlighting costs and frequency of claims trend downward

BOSTON--()--Corvus Insurance, the leading provider of smart commercial insurance products powered by AI-driven risk data has released findings from its second Corvus Risk Insights Index™, a compilation of industry trends and data analysis based on the company’s proprietary IT security scanning technology, the Corvus Scan, in addition to results from its Policyholder Cybersecurity Benchmarking Survey, sent to current Cyber and Technology Errors & Omissions (Tech E&O) policyholders.

“In support of our mission to make the world a safer place, it is our hope that this report provides guidance not only for our policyholders, but all of those seeking to protect their business, employees, and customers from cyber threats, especially at this critical time in history,” said Jason Rebholz, Chief Information Security Officer at Corvus Insurance. “Corvus’s real-time data and AI-powered risk management tools provide unparalleled transparency between our risk capital partners, policyholders, and brokers and allow us to share these actionable insights to increase awareness around the current state of cyber risk to help keep everyone safe.”

In the second edition of the Corvus Risk Insights Index™, Corvus’s experts — including data scientists, underwriters, cybersecurity professionals, and claims managers — reflect on the past year, current trends, and what’s to come in the remainder of 2022. In reviewing the evolving cyber risk landscape, the report includes a breakdown of the impact of zero-days and third-party risk, updates on ransom severity, and a review of recent key vulnerabilities. To shed light on concerns and perspectives that are unique to the small- and medium-sized business (SMB) segment, the report also features insights from Corvus’s first Policyholder Cybersecurity Benchmarking Survey, which captured insights from their Cyber and Tech E&O policyholders.

Ransomware claims, costs, and severity

One of the best indicators of overall cybercrime activity is the rate of ransomware claims in the Corvus book of business. Based on Corvus’s claims data, after all of the dire headlines throughout 2021 the end of the year presented signs of improvement:

  • In Q4, the rate of ransomware claims reached just half of the peak seen in Q1 2021 — decreasing from 0.6% to 0.3%.
  • While the Q3 2021 average ransom paid was atypically high, the entire 2021 ransoms paid by quarter average was ~$167k, 44.2% less than the Q3 figure.
  • Overall, fewer ransoms are being paid compared to those demanded. The percentage for the last quarter of 2021 held steady in the low twenties, down significantly from figures that once were over 50%. As recently as Q3 2020, the ratio was 44%.

This decrease in cost and severity can be partially attributed to underwriting entities requiring stronger backups for insurance coverage, which is helping to drive the broader trend toward more sophisticated and resilient approaches to mitigating ransomware risk.

The data also revealed spikes in claims tied to major cybercrime events including the Microsoft Exchange Server vulnerability and the Kaseya ransomware attack. While these events were enough to significantly, but temporarily, impact the month-by-month ransomware claims rate, the overall average severity of claims declined.

As the cyber threat landscape continues to evolve, Corvus’s Risk Insights Index™ touched on Russia's ongoing invasion of Ukraine, which has included a hybrid warfare model involving cyberattacks against public and private sector organizations. While attacks have led to increased concerns over potential collateral damage, Corvus observed a 30% reduction in ransomware claims frequency from Q4 2021 to Q1 2022 (through March 15), highlighting the fractured ransomware threat ecosystem during a time of war.

Severity is lowered, but not across the board

The overall severity of ransomware costs by industry shifted significantly over the past year. The report indicates a decreasing cost impact on education and social services, while the professional services industry (including but not limited to law firms, consulting firms, and architecture firms) experienced increased ransomware costs. The data highlights that:

  • The average claim reached nearly $400,000 within the professional services industry in Q4 2021, by far the highest in that timeframe.
  • Healthcare, which saw an alarmingly high average in claim severity to start the year, has returned to a historically low average, with zero ransomware claims recorded in Q4 2021.

The decreasing claims severity within healthcare may be tied to dissipating public fears and subsequent exploitation by threat actors during the height of the COVID-19 pandemic.

SMBs still playing cyber strategy catch up

Corvus’s first Policyholder Cybersecurity Benchmarking Survey, conducted in Q4 2021, showed that SMBs are still building their cyber investments. The survey was deployed to Corvus’s Cyber and Tech E&O policyholders, with the nearly 300 respondents’ titles ranging from C-suite to Vice Presidents, Directors, and IT Managers. Participants’ company size ranged from fewer than 50 employees to over 250. The results showed that SMBs are primarily concerned with external threats — attack vectors including ransomware and phishing — and revealed:

  • Only 8% of the smallest businesses (with <50 employees) have a dedicated cybersecurity budget.
  • Among the largest businesses within the surveyed group — those with 250 or more employees — 18% reported having a dedicated cybersecurity budget.
  • Spend on cybersecurity is expected to increase. Sixty percent of participants stated that their security spending is expected to increase with support from their CEO and senior management.
  • Of the participants who stated that they need help with security improvements, 72% were companies that lacked a CISO — reinforcing the idea that a CISO can play a large part in improving security posture.
  • Survey respondents highlighted a lack of resources and the overall complexity of security as key driving factors currently preventing improvements in their defenses. Smaller companies (<50 employees) are more concerned with staying current on new threats, while larger organizations are more concerned with vendor breaches, bringing to light the fact that many companies may fail to emphasize and act on the need for an internal security culture.

    “We are in the midst of a critical and challenging time for security professionals,” said Phil Edmundson, Founder and CEO of Corvus Insurance. “As the security landscape shifts and threat actors continue to evolve their attacks, this report provides the data-driven analysis critical for organizations to navigate and prepare for adverse events in this new cyber age.”

    You can access the full Corvus Risk Insight Index™ here. To learn more about Corvus, please visit

    About Corvus Insurance

    Corvus Insurance is building a safer world through insurance products and digital tools that reduce risk, increase transparency, and improve resilience for policyholders and program partners. Our market-leading specialty insurance products are enabled by advanced data science and include Smart Cyber Insurance®, Smart Tech E+OTM, Smart Cargo®, and a suite of products for Financial Institutions. Our digital platforms and tools enable efficient quoting and binding and proactive risk mitigation.

    Corvus Insurance offers insurance products in the US, Middle East, Europe, Canada, and Australia. Current insurance program partners include AXIS Capital, Crum & Forster, Hudson Insurance Group, certain underwriters at Lloyd’s of London, R&Q’s Accredited, SiriusPoint, and Skyward Specialty Insurance. Corvus Insurance and Corvus London Markets are the marketing names used to refer to Corvus Insurance Agency, LLC and Corvus Agency Limited. Both entities are subsidiaries of Corvus Insurance Holdings, Inc. Corvus Insurance was founded in 2017 and is headquartered in Boston, Massachusetts with offices across the US and in London, UK. For more information, visit