Organisations refuse to pay ransoms in fresh wave of attacks: Resilience
The majority of organisations hit by ransomware attacks (80%) recovered data and systems without paying a ransom as attacks “skyrocketed”, according to cyber risk firm Resilience. Ransomware attacks doubled in frequency in the last quarter of 2022 and into Q1 2023, Resilience said, but new approaches to cyber risk have helped organisations fend off ransom demands.
Publishing its first annual claims report, Resilience said: “By balancing risk acceptance, mitigation, and transfer, organisations are able to significantly strengthen their ability to recover data and maintain business operations in the face of ransomware attacks, without making an extortion payment.”
The report states none of Resilience’s clients made an extortion payment in 2022, and it claimed Resilience clients were half as likely to pay a ransom to recover systems in a cyberattack compared to industry averages.
CEO of Resilience Vishaal Hariprasad said: “By bringing together risk, finance, and security roles that previously operated in silos, we can deliver a completely new approach: cyber resilience. Our clients’ success in mitigating the threat of ransomware validates this approach and spotlights the opportunity for the digital economy to rethink how they approach risk.”
Ransomware remained the leading cause of loss for claims at 17.8%, according to Resilience’s report, followed closely by transfer fraud at 17%, vendor data breaches at 11.8% and business email compromise at 10.4%.
The report found phishing is the lead point of failure, based on primary claim notices, at 23.4%, followed by risk from third-party vendors at 22.1% of claims.
“The cyber insurance model is broken,” said Mario Vitale, president of Resilience. “It’s stuck in analogue, while the digital world is rapidly changing. We’re doing for cybersecurity what insurance companies did for property, auto, and healthcare: pair technology and finance to shape behaviour and drive better outcomes. The results are impressive, and we’re just getting started.”