Ransomware Attacks Forecast

Ransomware Attacks Forecast



Money talks in the cybercrime world.

In 2021, it is likely that:

  • Ransomware attacks will continue to increase because they are very lucrative.
  • Data breaches will continue to decrease because they are less lucrative (unless they are combined with a ransomware attack seeking ransom payment).

As in legitimate businesses, ransomware groups focus on profits. If they find easy targets for easy money, they pursue those targets.

The sign of the times in 2020 is that ransomware attacks are profitable for hackers.

We are under no illusions about this cyberattack scenario changing in 2021.

Cyber Crime Continues

Cybercriminals have become wealthier year over year for more than a decade. These bad actors have formed cartels and gangs that share in a vast pool of dirty money.

Call to Action

As in any battle, we must quickly reassess and regroup to implement a better defensive strategy. Does your holistic cyber risk management plan for 2021 include how to prevent, prepare for, detect, prevent, respond to, and survive a ransomware attack? If not, you still have time to update your plans for 2021.

Ransomware Attacks in 2021

In 2020, ransomware attacks are up because ransom demands are up.

Security Boulevard reports the average ransom payment increased to $233,8917 in Q3 2020, up 31% from Q2 2020.

Most likely, one can predict a 31% increase for Q4 2020 and Q1 2021.

Many of the same vulnerabilities that exist during the COVID-19 Pandemic will carry on until next year, including employees under stress in the healthcare environment, or under emotional distress working remotely or from home, or under fear of loved ones becoming ill or worse. Thus, these factors elevate the chance of human error and mistakes by employees.

In 2020, data breaches are down because they are less lucrative (unless combined with a ransomware attack seeking ransom payment).

The Identity Theft Resource Center (ITRC) reported that cyberattacks were the primary cause of data compromises reported in Q3 2020, with phishing and ransomware attacks the most common attack vectors.

Mass data breaches of personal information continue to decline while cyberattacks are up as threat actors focus on ransomware, phishing, and brute force attacks that use already available identity information to steal company funds and COVID-19 related government benefits.

ITRC found that in Q3 2020, publicly-reported US data breaches have dropped 30% compared to 2019. More than 292 million individuals have had their identities compromised so far in 2020, a 60 percent drop from 2019.

Despite the encouraging data breach numbers, a single ransomware attack at Blackbaud exposed information from at least 247 organizations (with approximately 6,981,091 individuals impacted) that have issued their breach notifications as of September 30, 2020.

"It is encouraging to see the number of data breaches continue to decline in 2020," said Eva Velasquez, president, and CEO of ITRC. "If data breaches continue at this pace for the remainder of 2020, we could see our lowest number of breaches since 2015."

While data breaches are dropping, the Blackbaud data breach has skewed the numbers significantly since some view Blackbaud as a series of supply-chain attacks and not a single event. If one treats that Blackbaud data breach as a series of events, data breaches have only decreased by 10 percent compared to 2019.

If Blackbaud is an outlier (skewing the decrease in numbers for 2020), one can predict a decrease in data breaches in 2021.

Essential Action Steps

In Q4 2020, you still have time to implement or update your cyber risk management strategy for 2021, including taking these essential action steps:

Training employees from top to bottom
  • Phishing email testing will help your entire team be aware of and avoid these risks.
Cybersecurity measures in place
  • You can rely on security experts and your cyber insurance carrier to help you upgrade your security measures for 2021.
Stand-Alone Cyber Insurance policy tailored to your needs
  • It would be best if you had more than a commercial insurance portfolio. You need explicit, affirmative cyber coverage for your risk tolerance.
Incident Response Plan
  • Your preparation will pay off. Even better, your cyber insurance carrier has a panel of suggested experts for you to build a support team before, during, and after a cyber incident.
Incident Response Testing
  • Testing highlights where you need to improve before the actual event. An annual dry run helps you put the pieces in place.
Fine-tune all of the above if your testing reveals vulnerabilities
  • You will find vulnerabilities. Every business has some. The key is to learn what they are and correct them as best you can.

Stand-Alone Cyber Insurance

An investment in Stand-Alone Cyber Insurance is an investment in your survival after a cyber or privacy loss.

For example, some carriers offer cyber insurance coverage for:

  • Bodily Injury and Property Damage to third parties caused by a security breach or failure:
    • Third-party physical injury.
    • Third-party damage to tangible property.
  • Ransom payment demands during a ransomware attack:
    • Ransom payments (often in cryptocurrency) agreed with the prior written approval of the insurance company.
    • Ransom negotiations with the hackers (regarding the ransom demand with the help of a security expert).
  • Business interruption during a cyber event:
    • Lost net profits due to a ransomware attack shut down during a ransomware attack (after a brief waiting period and during a restoration period).
    • Extra expenses, including payroll, during a shutdown of your computer network.
  • Data recovery or restoration:
    • Recovering or restoring lost programs, software, or data due to damage, disruption, theft, or misuse of your data during a cyber event.
  • Incident response during a cyber incident:
    • Incident response planning.
    • Incident response team pre-selected from a panel of experts).
    • Cyber incident response costs incurred.
  • Employee cyber risk awareness training:
    • Employee training focused on reducing the likelihood of human error by employees being tricked or manipulated into taking action that leads to a ransomware attack, data breach, or funds transfer fraud.

Your company's residual cyber risk includes your employees who may be tricked by a phishing email or text or manipulated via a phone call. This type of human error can be very costly and even jeopardize your company's survival.

Investing in cybersecurity alone is not sufficient. Please take the next step and invest in specific Stand-Alone Cyber Insurance to avoid catastrophic financial harm to your business.


  • The average ransom demand in 2020 is $233,8917.
  • Are you prepared to make a rapid decision about paying the ransom on your own?
  • Do you have critical data backups to restore or replace your encrypted data files if you choose to refuse to pay a ransom?
  • Do you have any idea of how long your business could survive if shut down from a ransomware attack?
  • Your business stands a better chance of surviving and thriving after a cyberattack with a dedicated Stand-Alone Cyber Insurance policy suited to your risk tolerance level.
  • Cyber Armada Insurance is here 24/7 to help you during the renewal season and beyond.

Reach out to Cyber Armada Insurance to assist you with your Stand-Alone Cyber Insurance needs. We understand the evolving cyber risks and the importance of your investment in appropriate cyber insurance.

Contact Cyber Armada today to explore how your company can solve potential financial losses from a cyberattack. Contact us at 888.727.6232.

Next Article 

Please watch for our next article on Predictions for 2021: Part 2.

This article is made available for informational purposes and is not intended to be a substitute for professional or legal advice. No attorney client relationship is formed or implied between you and the authors(s) or Cyber Armada Insurance.

Topics: Ransomware Stand-Alone Cyber Insurance Predictions 2021

Cyber Armada Team
Posted by Cyber Armada Team on Nov 20, 2020

Apply for Cyber Insurance Online

Answer a few questions online and Cyber Armada will design a cyber insurance policy tailored to your particular needs.

Apply Online
Apply for Cyber Insurance
Schedule an appointment with Cyber Armada

Can we talk?

We're ready to talk when you are. You can schedule an appointment to speak with a representative from Cyber Armada when it is most convenient for you. Whenever possible we use online meetings to increase productivity and increase the amount of time we can spend with you. We use Zoom Meetings as our preferred video conferencing platform.

Schedule Appointment