Cyber Insurance

New Data Shows Less Than Half of Cyber Ransom Demands Paid as Organizations Fight Back

In Part 1 of our Emerging Trends: Cyber Insurance series, we explore how organizations are responding to ransom demands in 2024.

The cyber threat landscape is constantly evolving, and so are the tactics of organizations in responding to these threats. In 2021, Sophos found that 46% of organizations made ransom payments. At Newfront, we've observed that less than half (42%) of our cyber claims over the past year (April 2023 - April 2024) now include ransom payments. 

We believe two main factors contribute to organizations choosing not to pay these demands:

  • Improved Backup Systems: Organizations are investing heavily in robust backup systems, allowing them to recover data without succumbing to ransom demands. By having reliable backups in place, companies can restore their operations more quickly and avoid the financial burden and ethical dilemmas associated with paying ransoms.

  • OFAC Restrictions: The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has imposed restrictions on paying certain ransomware actors. These regulations discourage organizations from making payments to sanctioned entities, further reducing the number of ransom payments.

In response to fewer organizations choosing to pay the ransom demand, we’re seeing more aggressive extortion tactics from threat actors. These include harassing C-Suite executives and victim customers, as well as employing double and triple extortion schemes. In these schemes, cybercriminals not only encrypt data but also steal it, threatening to publish or sell the information unless their demands are met. In addition to potentially exposing sensitive data, businesses experienced an average duration of 23 days down following ransomware attacks in previous years.

The decline in ransom payments signals a growing resilience among organizations against cyber threats. However, as threat actors adapt their tactics, the need for robust cybersecurity measures and comprehensive insurance coverage is more critical than ever. As ransom amounts continue to rise, insurers are raising their standards for insureds. At Newfront, we continue to monitor these trends to provide our clients with the best possible protection against the evolving cyber landscape.

Stay tuned for Parts 2 and 3 of our series.


Jennifer Wilson

Head of Cyber


Michele Lepper

Senior Cyber Claims Consultant

The information provided here is of a general nature only and is not intended to provide advice. For more detail about how this information may be treated, see our General Terms of Use.