Cyber claims fall but vulnerabilities leave door open to attackers: Coalition
A separate report from Kroll tracks ransomware ‘swarm’
Cyber insurance claims recorded a 22% fall in 2022, helped by a 54% drop in ransomware claims, according to Coalition. But the cyber insurer warned that although claims frequency has stabilised, the risk remains a persistent threat to business; claims severity increased by 7% to an average loss of $169,000.
“The most important lesson from 2022 is that cyber risk is manageable,” it said.
Ransomware demands also fell last year, Coalition said, based on its own claims data, from an average of $1.2m in 2021 to $1m in 2022.
“Coalition successfully negotiated ransom payments down for policyholders to an average of 27% of the initial demand,” the insurer said.
Publishing its 2023 Cyber Claims Report, Coalition said cyber insurance policyholders with just one critical vulnerability are 33% more likely to be hit with a claim. Coalition said buyers that fail to patch vulnerabilities or use out-of-date software are increasing the risk of cyberattack by as much as three times.
“Threat actors are forever looking for targets with weak security controls or unprotected infrastructures – these are the paths of least resistance into a company’s network,” said Catherine Lyle, head of claims at Coalition. Lyle added: “Human inaction, such as not patching a publicised critical vulnerability or updating out-of-date software, is a high-risk factor for a cyber incident or cyber claim.”
Human error is also a risk driver, Coalition said, with phishing the top attack vector, behind 76% of reported incidents – six times more than the second-most common attack vector. “Phishing-related claims have increased by 29% from the beginning of 2022,” the report says, opening up opportunities for funds transfer fraud, business email compromise and access to an organisation’s systems.
In a new update on the cyber threat landscape in Q1 2023, Kroll agreed that phishing remains the top method of exploitation.
Kroll said the quarter “saw ransomware swarm”, recording a 56% rise in independent threat actors deploying ransomware against firms alongside the more established ransomware-as-a-service (RaaS) operations. The professional services sector was the main target, Kroll said, recording a 57% increase in ransomware attacks in Q1 2023 compared with the end of 2022. Overall, ransomware attacks, which do not necessarily translate into insurance claims, accounted for 30% of cyberattacks in Q1, Kroll said, while email compromise accounted for 26% of cases.
Laurie Iacono, associate managing director for cyber risk at Kroll, said: “The rising number of ‘one-off’ ransomware variants means that time-poor security teams need to defend against a swarm of smaller groups on top of the major RaaS players. This increase is likely in part due to several RaaS groups being dismantled in the last year and the ease of entry for smaller threat actors to conduct encryption.”
Iacono said businesses can do more to protect their systems from successful phishing attacks.
“Phishing continues to be the main point of entry for hackers, so making sure that employees are trained in cybersecurity best practices and having powerful endpoint protection in place is a key first step in helping to prevent attacks. Detecting exfiltration of data and responding quickly can make the difference between a superficial data loss and a catastrophic one. It also serves as one of the last detection opportunities before a large-scale threat like ransomware, which may encrypt systems and render critical services unavailable,” Iacono said.
Coalition’s Lyle also urged policyholders to adopt multi-factor authentication, which she said would have prevented most phishing claims.
“It’s a straightforward but critical recommendation: setting up multi-factor authentication is one of the best ways to prevent attackers from getting into an organisation’s network because it provides the person protection even when security is not top of mind. For a majority of Coalition’s phishing-related cases, multi-factor authentication would have stopped access and prevented a claim,” Lyle said.