Marsh India reports surge in cyber incidents in 2023

The mean cost to recover from ransomware attacks was estimated at $1.82m.

In 2023, Marsh India has observed a substantial increase in cyber incidents amongst its clients, particularly in the IT/Technology sectors, highlighting the growing prominence of cyber threats.

Ransomware attacks continue to be the leading cause of cyber incidents. Marsh reports that clients in India faced incident costs ranging from $70,000 to $5m, with an average cost of around $2.5m. 

These costs primarily encompass expenses related to engaging forensic experts, breach counsels, public relations agencies, and credit monitoring services to manage and mitigate cyber incidents effectively.

Significant losses due to business interruption were also notable, with the largest reported loss amounting to $3m. 

The severity of these losses varies based on factors such as the criticality of data, the scale of the company, the jurisdiction of the attack, and compliance with regulatory requirements.

Beyond ransomware payments, organisations incurred substantial expenses for data recovery and restoration. 

The mean cost to recover from ransomware attacks was estimated at $1.82m. Effective data backup strategies were critical, with over 73% of affected organisations relying on backups to restore their data.

The cyber insurance landscape has undergone significant changes characterised by market hardening, diminishing capacity, and escalating premiums. Insurers have tightened underwriting standards in response to increased claims payouts and heightened regulatory scrutiny. 

Reinsurance costs have risen due to the frequency and severity of cyber incidents, contributing to higher premiums for policyholders.

Introduction of new privacy laws, such as The Digital Personal Data Protection Act, 2023, underscores the importance of stringent data governance and accountability. These regulations are likely to further tighten underwriting standards in the cyber insurance market.

Organisations are urged to adopt proactive strategies to manage cyber risks effectively. This includes conducting comprehensive risk assessments, implementing robust risk mitigation measures, and ensuring cybersecurity readiness to safeguard against evolving cyber threats.