Corvus Insurance Reports the Ratio of Ransoms Demanded to Ransoms Paid is Steadily Declining

Inaugural Corvus Risk Insights Index™ found that ransomware payments shrank from 44% in Q3 2020 to 12% by Q3 2021 due to improved backup processes and greater preparedness

BOSTON--()--Corvus Insurance, the leading provider of smart commercial insurance products powered by AI-driven risk data, today released findings from its inaugural Corvus Risk Insights Index™, a compilation of industry trends and data analysis based on the company’s proprietary IT security scanning technology, the Corvus Scan, as well as other first- and third-party data sources. The report provides an inside look at the insights and tools used by risk managers, IT departments, security researchers, and solution providers to hone their offerings and approaches to keeping organizations safe from evolving cyber threats.

“By tapping into the advanced capabilities of our IT scanning technology, we’re proud to share actionable data to increase awareness around the current state of cyber risk technology and help eliminate the impact of adverse events — especially as we approach the end of a pivotal year,” said Madhu Tadikonda, President of Corvus Insurance. “We hope this report will spark new cybersecurity innovation and spread awareness on how lower-effort, high-impact measures can make a significant difference in any organization’s risk.”

This edition of the Corvus Risk Insights Index™ focuses specifically on Cyber and Technology E&O (Errors and Omissions) risk and is broken down into four sections, including: litigation risk, cyber risk technologies, ransomware, and cyber vulnerability. All sections include contextual background on how foundational security methods can impact cybersecurity posture across organizations, pointing to how key indicators have fluctuated throughout the past few years.

Ransomware claims and costs
Ransomware has quickly become a dominant force in cyber risk, but its proliferation and the range in demands across various industries has continued to fluctuate.

  • Corvus recognized a rise in ransomware claims from Q2 2020 through Q1 2021 (0.25% to 0.58% increase in frequency), but then experienced a drop by 50% in Q2 2021 that largely sustained through Q3 2021.

While the reduced frequency is believed to be attributed to the shutdown of prolific ransomware groups Darkside and REvil during Q2 2021, the costs associated with a ransomware claim have continued to shift as recovery remains top of mind for businesses.

  • Breach response costs (for assistance in legal, forensics and recovery efforts) increased from 29% to 52% of overall claim costs while business interruption costs shrunk as a percentage.
  • Ransomware claims resulting in a ransom payment shrank from 44% in Q3 2020 to just 12% by Q3 2021.

This decrease in demand-to-pay ratio is likely due to improved preparedness and resiliency on the part of policyholders and their backups, allowing for breach response professionals to handle ransomware situations more efficiently and get companies back online faster.

Overall, ransomware attacks remain costly as the average cost for 2021 remains steady at $142,000 — almost identical to the previous year’s average. While there was a spike in the average cost of a ransomware attack in Q3 2021, which may appear to show a gain for threat actors, the average is composed of fewer overall attacks, and fewer attacks where any ransom was paid.

Litigation risks for tech vendors

For technology vendors, a cyberattack or other outage linked to their products or services can result in major costs from defending lawsuits brought by customers who suffered outages or lost data as a result of the incident — and that is on top of any first-party remediation and recovery efforts.

  • A company with 250 or more employees is 216% more likely to sue their tech vendor than a company with 10 or fewer employees, and twice as likely as a company with 11-50 employees.
  • Media companies (publishers, TV networks, etc.) and metals manufacturers are 50% more likely to sue their technology vendors than the average business, while insurers are around 20% more likely.

Post-COVID security & IT trends
COVID-19 ignited rapid shifts in technology usage as remote work became more prevalent, and Corvus’s proprietary scan provided data to analyze trends from two major IT security measures: accessible remote desktop protocol (RDP) and email security.

  • After RDP became widely classified as an attack vector in 2020, its presence in IT systems dropped by 50% in 2021.

Email phishing continues to be a popular launching pad for cyber crimes against businesses, but fortunately there are a number of cloud-based security tools that can be implemented to thwart these threats.

  • Corvus recognized a 2.5x (158%) lift in the usage of email security software across all industries, contributing to the reduction of these widespread threats.

“Over the past few years, the cybersecurity landscape has completely erupted with sophisticated forms of cyber attacks, creating many challenges for today’s security professionals,” said Phil Edmundson, Founder and CEO of Corvus Insurance. “This report provides the analysis needed to empower organizations to continue enhancing their offerings and keep our world safe from destructive threat actors.”

You can access the full Corvus Risk Insight Index here. To learn more about Corvus, please visit

About Corvus Insurance
Corvus Insurance is the leading provider of commercial insurance products built on advanced data science, with an AI-driven approach to empowering brokers and policyholders to better predict and prevent loss. With each Smart Commercial Insurance® policy, Corvus supplies proprietary Dynamic Loss Prevention® reports to inform policyholders of critical cyber risk areas and provide actionable security recommendations. Founded in 2017 by a team of veteran entrepreneurs from the insurance and technology industries, Corvus is backed by Insight Partners, Bain Capital Ventures, .406 Ventures, Hudson Structured Capital Management, Aquiline Technology Growth, FinTLV, Telstra Ventures, Obvious Ventures, and MTech Capital. The company is headquartered in Boston, Massachusetts, and has offices across the U.S.


Lisa van der Pool


Lisa van der Pool