Average ransomware demand triples in a year

According to US cybersecurity insurance provider Coalition‘s H1 2021 Cyber Insurance Claims Report, compared to the same period last year, the size of the average ransomware demand has tripled in size in 2021, from $450,000 to $1.2 million. This number is down a little on the $1.3 million being asked in late 2020, probably due to policyholders’ improved negotiation skills. The average amount of funds stolen in financial fraud cases rose from $116,842 to $326,264, an increase of 179%.

Coalition say its claims data revealed five prevailing trends:

  1. Cyber crime is ballooning, led by a 51% jump in business email compromise incidents and a 28% increase in financial fraud events
  2. Ransomware is growing in severity
  3. Criminals are exploiting remote working
  4. Microsoft remote desktop protocol (RDP) has become a favorite target of hackers
  5. Smaller companies are increasingly targeted by ransomware crews


  • Nearly 50% of attacks against Coalition’s policyholders were initiated by phishing and social engineering
  • The rate of policyholders who experienced a claim due to exposed RDP from 1H 2020 to a year later increased from 29% to 40%The severity of these incidents increased by 103%
  • The frequency of incidents reported for organisations with under 250 employees increased 57% from the first half of 2020 to 2021

The company is also making some predictions for the near future:

  1. Ransomware will remain the single biggest threat for all organisations. Ransomware frequency will increase moderately but severity will flatten. “There is little leverage left to be gained beyond that which criminals already have after taking an organization’s operations hostage. (Note: MSSP Alert has seen some victims reporting that ransomware hackers have hit them multiple times.)
  2. The cyber insurance market will continue to harden throughout the year. It will be harder to qualify for cyber insurance with underwriters requiring potential policyholders to implement many common cybersecurity controls and address identified vulnerabilities as a condition of coverage.
  3. Supply chain attacks will be more common. Criminals will increase their targeting of software and service providers that other organisations rely upon.
  4. Government regulation and scrutiny will increase. Expect more regulation and more public frameworks from government institutions worldwide with new laws that require far greater disclosure of cybersecurity incidents.
  5. Criminal attacks will follow nation-state attacks. High profile attacks are typically motivated by espionage rather than financial gain but the exploits used often make their way into criminal hands, a trend Coalition expects to continue.
  6. Most cyber attacks will continue to be easily avoidable. Phishing, exploitation of remote network access points, exploitation of unpatched software with known vulnerabilities, and weak credentials will continue to be the main causes of cyber incidents.

Source: MSSP Alert