The average ransomware demand was $175,000 in 2019, a 12-fold increase from $15,000 in 2017, according to the Ransomware 2021 Spotlight Report issued by NetDiligence. The report focuses on small to medium enterprises (SMEs). Cyber insurance claims attorneys can use this report to better understand the rapidly changing cyber insurance market.

The healthcare, professional services, manufacturing, and retail industries are primary targets for ransomware demands covered in the report, according to the provider of cyber risk software and services. Over 900 cyber insurance claims for ransomware incidents reported in 2015 to 2019 from the NetDiligence claims database were analyzed. Highlights of the results are reported below.

Key Ransomware Claims Findings for 5-Year Period (2015 – 2019)

Small to medium enterprise costs for all ransomware claims were split into five categories:

  • Ransom Demand – The median cost for ransom demands was $12,000 and the average cost was $81,000.
  • Crisis Services – The median cost for crisis services was $29,000 and the average cost was $54,000.
  • Business Interruption – The median cost for business interruptions was $28,000 and the average cost was $228,000.
  • Recovery Expense – The median cost for recovery expense was $11,000 and the average cost was $35,000.
  • Total Incident Cost – The median cost for ransom demands was $43,000 and the average cost was $142,000.

Average Ransomware Incident Cost by Industry

Looking at the number of claims by industry sector, the most valid data for total incidents costs based on claim volume is as follows.

  • Healthcare: $107,000 average incident cost based on 312 claims.
  • Professional services: $88,000 average incident cost based on 200 claims.
  • Manufacturing: $490,000 average incident cost based on 65 claims.
  • Retail: $130,000 average incident cost based on 50 claims.
  • Nonprofit: $105,000 average incident cost based on 42 claims.
  • Technology: $221,000 average incident cost based on 31 claims.
  • Financial Services: $62,000 average incident cost based on 31 claims.
  • Education: $202,000 average incident cost based on 29 claims.
  • Public Entity: $140,000 average incident cost based on 28 claims.
  • Transportation: $138,000 average incident cost based on 21 claims.

Other industries in the report were covered but data was based on a law claim volume.

Should You Pay Ransomware Demands?

NetDiligence data suggests that costs to organizations that pay ransom demands are lower than costs to organizations that decline to pay. While there is no apparent correlation between ransom demand and business interruption, organizations that refuse to pay ransoms have significantly higher costs of business interruptions and recovery expenses.

Companies that recover without paying the ransom acquire the decryption key from another source (like the FBI), reverse-engineer decryption keys, utilize uncorrupted backups, replace compromised systems with new ones, or re-create lost data.

New Extortion Trend

Attackers are beginning, after exfiltration, to issue an extortion demand without encrypting the stolen data. Instead, the attacker threatens to expose the victim organization’s confidential data or auctions off the data to the highest bidder if the ransom is not paid.

Governmental Advice on Ransomware

Law enforcement agencies play an important role in ransomware incidents and should be contacted immediately under most circumstances. While the position of the FBI is that victims should not pay ransoms, they understand that victims may not have a practical alternative. The FBI is consulted by many victimized organizations, and agency attempts to protect the confidentiality of the ransomware target while pursuing the perpetrators for criminal actions.

A ransomware advisory warning was issued by the Department of Treasury’s Office of Foreign Assets Control (OFAC) on October 2020. An important note is that OFAC will consider an organization’s self-initiated, timely, and complete report of a ransomware attack to law enforcement to be a significant mitigating factor in determining an appropriate enforcement outcome if one is needed.

Cybersecurity Recommendations for Ransomware Attacks

Businesses, non-profit organizations, and municipal agencies are advised to take the following steps to protect confidential data against future ransomware attacks.

  • Isolate hot/cold backup sites as much as possible and test regularly.
  • Properly segment networks by isolating administrative functions from operational functions.
  • Take security awareness seriously, including testing users and ongoing training.
  • Implement multi-factor authentication to help protect credentials.
  • Employ an incident response plan with recurring testing.
  • Back up data properly: Have at least two sets of back ups that cannot be reached via the network and consider cloud-based back up, multi-versioning, and Write-Once, Read-Many (WORM) solutions.
  • Apply next-generation endpoint protection to help prevent ransomware attacks before they disrupt your business.

Click on the link to access a copy of the NetDiligence 2021 Ransomware report.

Implications for Cyber Insurance Claims and Panel Counsel Attorneys

Cyber insurers have seen their loss ratios increase dramatically, and, as a result, are actively working with cybersecurity technical partners and reinsurers on more stringent loss control requirements and underwriting procedures to better control this growing threat.

Cyber insurance claims attorneys are likely to see an increase in claim volume. The data gathered in industry reports such as this will help panel counsel law firms to better serve their cyber insurance clients and their insureds.

Insurance Defense Marketing Consultant for Law Firms

If your insurance defense law firm is asking how you can improve your marketing and business development efforts, give us a call. We have helped more than 200 insurance defense law firms in 42 states pursue new property and casualty (P&C) insurance clients.

Legal Expert Connections, Inc. offers three key benefits to insurance defense law firms nationwide:

  1. We are the leading U.S. legal marketing agency specializing in the insurance defense market. We make it our business to identify who you need to contact at an insurance company, corporation or municipality to be considered as a panel counsel member. We accelerate your business development process by helping you focus on introducing your law firm to new prospective clients.
  2. You get a structured business development process. We guide your law firm through a proven three-step campaign that brings discipline, focus, and productivity to your marketing efforts.
  3. Increase revenue with professional, Bar-compliant legal marketing campaigns. We do the research to identify insurance panel managers, so you can focus your time on the business development process.

Contact Margaret Grisdela, an insurance defense marketing consultant, at 561-266-1030 or via email. Connect with Margaret Grisdela on LinkedIn.


This article is provided for educational purposes only. It is not to be interpreted as legal advice or an opinion in regard to any topic discussed. The article should not be used as a substitute for legal advice from a licensed attorney in your state. Every situation is different and circumstances vary widely depending on the governing state law, policy provisions, and related considerations.