In 2023, cyber insurance claims in North America reached record levels due to the increasing sophistication of cyber-attacks, the MOVEit file transfer incident [1] [2], privacy claims [1] [2], and the rising number of organizations purchasing cyber insurance.


Over 1800 reports were received by insurance broker Marsh from clients in the US and Canada [1], with approximately 21% reporting at least one cyber event. The healthcare industry consistently submitted the highest number of claims [1], with sectors most affected including healthcare, communications [2] [3], education [2] [3], retail/wholesale [2] [3], and financial institutions [2] [3]. Cyber extortion events hit record levels [1], with a significant rise in ransomware incidents [1]. Median extortion payments surged [1] [2] [3], but negotiations were effective in reducing the final ransom paid [1]. The percentage of companies paying ransom demands fell in 2023 [1], continuing a longer-term trend [1]. Ransomware remains a significant threat [4], with increasing severity and complexity [4], and certain sectors [4], such as healthcare and financial services [4], are more vulnerable to cyberattacks [4], requiring tailored cybersecurity strategies [4].


The surge in cyber insurance claims highlights the need for organizations to enhance their cybersecurity measures to mitigate the risk of cyber-attacks. Negotiation strategies have proven effective in reducing ransom payments [2], but the threat of ransomware continues to evolve and pose challenges for businesses. Moving forward, it is crucial for companies, especially those in vulnerable sectors, to invest in tailored cybersecurity strategies to protect against cyber threats.