
Study finds that businesses with cybersecurity insurance face significantly higher ransom payments compared to businesses that are not insured.

According to Dutch victim data, the average ransom demand in the Netherlands from 2019 to 2022 was €720,000, and only one victim in five (21%) actually chose to pay it. After analyzing 382 ransomware attacks that were reported to the Dutch Police or handled by an Incident Response company, researchers found factors that seem to be affecting ransom payments.

According to Cybernews, insurance leads to higher ransom demands, as businesses that had insurance paid €708,000 on average in ransoms, while those without insurance averaged only €133,016. The researchers also observed that 44% of insured victims opted to pay, while only 24% of uninsured victims did.

Another significant factor seems to be recoverable backups: 89% of victims who had fully recoverable backups chose not to pay the ransom. The researchers explained that businesses with more valuable data are more likely to employ backup systems.

After weighting the data, the researchers concluded: “Specifically, having insurance results in ransoms that are 2.7 times larger, data exfiltration corresponds to a 4.4 times increase in the ransom, and each 1% increase in a victim’s yearly revenue causes a 0.12% rise in the ransom paid.”

They even drew a demand curve for willingness to pay a ransom, showing that the willingness is 100% when the ransom is €500 and gradually approaches zero when the ransom demand rises to €10 million and above.

The Dutch victims who chose to negotiate with cybercriminals spent an average of 111 hours, while the average negotiating time was four times lower when a ransom was actually paid – only 25 hours.