Skip to main content

Report

The changing face of cyber claims 2024

In "The changing face of cyber claims in Europe", Marsh looks at trends and changes in cyber claims throughout Europe. 

Understanding trends in cyber claims helps to inform an effective risk management strategy in today’s tech-dependent society. Analysis of the cyber claims submitted to Marsh in Europe in 2023 reveals the following:

  • Cyber claims increased 1% in 2023 compared to 2022, continuing a general upward trend that started in 2016.
  • Financial institutions accounted for the highest number of cyber claims (21% of the total); followed by communication, media, and technology (17%); professional services (13%); manufacturing (9%); and healthcare (7%).
  • The number of claims related to malicious acts continued to far outpace those related to non-malicious acts.
  • Claims related to extortion/ransomware accounted for 25% of the total, followed by data breaches (19%) and network interruption (10%).
  • In 2023, organisations were less likely to pay a ransom in an extortion incident, amid a general strengthening of their cyber resilience.
  • Manufacturers remained a prime target for cybercriminals, although the sector reported fewer claims in the last two years compared with other years.
  • Cybercriminals often targeted IT service providers, and the uptake of cyber insurance increased in this group.

Additionally in the first half of 2024:

  • Cyber claims notifications in Europe increased, accounting for approximately 70% of the total claims received in 2023. The most common incidents included social engineering, phishing, and impersonation, followed by system infiltration, ransomware, and data breaches.
  • A major incident involving a CrowdStrike software update caused a global IT outage on July 19, 2024, impacting millions of Microsoft Windows device users worldwide. A recap of the latest insights and client discussions on CrowdStrike from Marsh can be viewed here.

Cyber claims up slightly in 2023; remain below 2021 level

From 2016 to 2021, the number of cyber claims in Europe grew each year, then dropped in 2022 before edging up slightly (1%) in 2023. Marsh also saw growth in the number of policies placed in 2023, which exceeded the increase in notifications. This reversed a recent trend in which the increase in notifications had surpassed the growth in policies placed.

However, when comparing the number of claims in 2020 to those made in 2023, there was a significant increase over this period. This upward trajectory indicates a continuous growth in cyber claims in the region.

Manufacturing industry

Across Europe, many manufacturers have enhanced their abilities to detect and protect against cyberattacks, as seen in the sector’s improved average National Institute of Standards and Technology (NIST) scores between 2021 and 2023.

However, manufacturers generally have been less attentive to what should be done when bad actors infiltrate the ICT network.

IT service providers

While the communication, media, and technology sector, as a whole, experienced increased frequency of cyber claims in 2023, the fastest growth was seen in the subcategory of IT products and services, accounting for 49% of CMT claims in the region, up from 31% in 2022 and 26% in 2021.

Ransomware claims

In terms of the types of cyber claims in 2023, the most frequent incidents related to extortion/ransomware (25% of claims), followed by data breaches (19%) and network interruption (10%). 

For more information, please contact a Marsh specialist.