In a revealing new study backed by the Dutch government, ransomware operators are shown to dramatically inflate their ransom demands when they discover a victim has cyber-insurance — sometimes by nearly threefold.
The research, part of a PhD thesis by Dutch police officer sheds new light on how cybercriminals leverage insurance data to maximize profits from their victims.
Analysis of 453 ransomware cases between 2019 and 2021 found that attackers often search infected systems for terms like “insurance” or “policy” shortly after gaining access.
If such documents are found, the average ransom demanded rises by a staggering 2.8 times — and in double-extortion attacks (where hackers also threaten to leak stolen data), insured companies are quoted 5.5 times more than those without policies.
Insurance: A Double-Edged Sword?
It has been observed that cybercriminals see insurance as a guaranteed payday. They assume insurers will cover costs to avoid greater financial damage, leading to inflated demands — but not so high that the insurer refuses to pay.
ALSO READ: Cyber Resilience in the Hills: FCRF, CERT-In & ICM Dehradun Join Hands for Cyber Crisis Management Workshop
The numbers confirm this chilling logic. Companies with cyber-insurance paid a ransom 44% of the time, compared to just 24% of those uninsured. Not only did insured victims pay more frequently, they also paid significantly higher sums — averaging Rs 6.65 crore per attack, versus Rs 12.47 crores for their uninsured counterparts.
How the Attacks Happen
The most common method of entry? Phishing emails embedded with malicious links, responsible for about a third of successful ransomware attacks. Other vectors included spam (8%), malicious mobile apps (13%), and unpatched systems (10%).
Interestingly, the retail and wholesale sectors were hit most often — accounting for nearly 33% of attacks — but the ICT sector proved far more lucrative. Though it represented just 14.7% of attacks, it led to the highest average payouts, making it a prime target for cyber extortionists.
Hackers often exchange messages on dark web forums specifically targeting high-value sectors. IT service providers are especially vulnerable because a single breach can impact dozens of their clients.
Backups: The Real Lifesaver
Despite these grim statistics, research offers a glimmer of hope. Companies with functional backup systems were 27 times less likely to pay a ransom. But there’s a catch — 85% of backups fail when needed, often because attackers sabotage or encrypt them too.
Still, even when backups are available, some firms opt to pay anyway — often to recover faster or protect their reputation. In about 5% of cases, businesses had other recovery options but still chose to pay.
The Road Ahead
With double-extortion tactics on the rise and criminals getting smarter about monetizing insurance data, it is believed this form of cybercrime will soon dominate the threat landscape.
And while recent trends suggest ransom payments in the Netherlands are temporarily declining, that could quickly change as attackers refine their techniques and targeting strategies.