Policyholders with at least one unresolved critical vulnerability are 33% more likely to experience a claim

Cyber policyholders with at least one unresolved critical vulnerability are 33% more likely to experience a claim, according to a new report from the cyber insurance provider Coalition.
The Coalition’s 2023 Cyber Claims Report also found that policyholders who continue to use end-of-life software – products that are no longer supported by their original developer – are three times more likely to suffer a cyber claim. This is true regardless of the size of the organization.
“Threat actors are forever looking for targets with weak security controls or unprotected infrastructure – these are the paths of least resistance in a company’s network,” said Catherine Lyle, head of Coalition claims. “Unfortunately, that’s why human inaction, such as not patching a public critical vulnerability or updating outdated software, is a high-risk factor in a cyber incident or cyber claim.”
The Cyber Claims Report also found that human error is as much a risk driver as inaction. Phishing accounts for 76% of reported cyber incidents – more than six times greater than the next most common technique. Overall phishing-related claims have increased by 29% since the start of last year, the Coalition found.
Phishing usually leads to funds transfer fraud (FTF) or business email compromise, but it is also the number one path used to breach a company’s system for any purpose, the report said.
“This is a straightforward but critical recommendation: setting up multi-factor authentication is one of the best ways to prevent attackers from entering an organization’s network because it provides human protection even if security is not top of mind,” Lyle said. “For most of the Coalition’s phishing-related cases, multi-factor authentication would have stopped access and prevented a claim.”
Other important findings include:
- The number of claims fell by 17% from 2021 to 2022
- FTF frequency decreased slightly last year after increasing 23% in 2021. FTF severity decreased in 2022 after increasing 68%
- When policyholders alerted the Coalition to an FTF event, the Coalition successfully recovered 66% of the lost funds
- Ransomware claims volume has fallen 54% year-on-year. Ransomware demand also decreased, from $1.2 million in 2021 to $1 million in 2022
- Last year, the Coalition successfully negotiated ransom payments for policyholders down to an average of 27% of the initial demand.
Last month, the Coalition announced the launch of a new AI initiative to protect against cyber threats. The company also recently released a new model for understanding cyber risk accumulation.
