Any business that uses IT and computer systems faces a multitude of cyber risks including the threat of ransomware – bad actors blocking use of systems until the victim pays a ransom. New analysis by research firm Chainalysis has indicated that the total global value of ransomware payments last year fell from a record US$1.25bn in 2023, to $813m in 2024.

In this article, Policyholder Disputes partner Chloe Derrick comments on how far we can read into a decline in the total value of monies extorted by ransomware attacks, why ransomware still remains a paramount cause of concern for businesses, and what this could mean for cyber insurance disputes in future.

 

Threat of ransomware should not be minimised

Last year’s fall in the total value of ransomware payments must be put into context, as it comes after a peak for ransomware activity in 2023. Industry commentators noted increases on various metrics, including the proportion of new ransomware variants and a “significant rise in posts on data leak sites”, according to analysis by cybersecurity firm Mandiant. Its report also suggested that, in almost one third of incidents, attackers had deployed ransomware within only 48 hours of gaining access to the business’s systems.

Against that backdrop, the news that the total value of ransomware payments made globally during 2024 had decreased, when compared with earlier years, will be welcomed by businesses. However, it is important to distinguish between the collective value of payments made and the number of attacks taking place.

Unfortunately for businesses, ransomware remains a persistent cyber risk. Whilst the market is witnessing ransom demands that are not at headline-grabbing levels, even lower ransom requests can still be business-critical risks for small and mid-size companies.

What would legislation to block ransomware payments mean in practice?

We are at present waiting to see the outcome of the government’s consultation on ransomware attacks and whether obligatory reporting requirements will be introduced. Whilst obligatory ransomware reporting and the potential for government blocking of ransom payments might deter some threat actors, it may not necessarily lead to any overall reduction in cyber insurance indemnity payments.

Instead, we might see an increase in the value of business interruption claims, reflecting the potential additional time spent by businesses engaging with authorities and obtaining the government’s consent to ransom payments before the disruption can be resolved. The National Crime Agency reported 294 ransomware incidents in 2023, an increase of over 100% from 2022. Against that background, it is hard to see how the government’s proposed ransomware payment prevention regime will actually work in practice without significant delays in investigating incidents and providing consent to payments.

It is equally worth noting that the Home Office is deliberating whether to impose criminal and/or civil penalties for non-compliance with the ransomware payment prevention regime. Subject to the scope of policy coverage, this might equally give rise to increased levels of indemnity payments – particularly if the proposed fines were to be in line with the mammoth figures we have seen for GDPR non-compliance.

The future of cybersecurity and business interruption

Cyber insurance continues its upward growth trajectory as the fastest-growing global insurance product. Prompted by rising global cyber threats, an increasing number of businesses worldwide across industry sectors are either purchasing standalone cyber coverage for the first time, or broadening the scope of their existing coverage.

Ransomware is only one element of this trend: the cyber market is understandably becoming increasingly wary of the national or global damage that a systemic cyber event might cause. The recent global CrowdStrike outage brought to the forefront market-wide queries around how cyber insurance might respond to cover the estimated billions of dollars of business interruption losses in that instance.

The Policyholder Review 2024/25, published by Stewarts in January 2025, features a survey of key legal developments across a range of insurance concerns including cybersecurity.
