Outdated technology, poorly maintained software, and the dreaded click on a malicious link are to blame for the most cyber insurance claims experienced by policyholders in 2022, according to a new report from the Coalition.
“Threat actors are forever looking for targets with weak security controls or unprotected infrastructure – these are the paths of least resistance in a company’s network,” said Catherine Lyle, head of Coalition claims. “Unfortunately, that’s why human inaction, such as not patching a public critical vulnerability or updating outdated software, is a high-risk factor in a cyber incident or cyber claim.”
The total number of claims in 2022 will decrease 22% compared to last year, said the Coalition in the latest Cyber Claims Report. Claims volume increased 7% to an average loss of nearly $169,000.
Coalition claims involving ransomware decreased 54% year-over-year and ransom demands decreased from $1.2 million in 2021 to $1 million in 2022. Last year, funds transfer fraud ( FTF) and business email compromise (BEC) did not sit ransomware as the main reason for a claim, as phishing accounted for 76% of reported incidents.
The coalition said the severity of FTF claims increased in 2022 after a surge in 2021. The company said it recovered 66% of the missing funds when alerted by FTF, but the recovery of those Funding becomes more complicated due to “dwell time” – the amount of time a hacker remains on a network before initiating an FTF activity. In 2022, the average dwell time associated with FTF events will be 42 days, an increase from 24 days in 2021. This means that threat actors are spending more time learning. part of an organization and hiding evidence of crimes.
Phishing will most likely lead to FTF and BEC claims by 2022 and new technologies will help attack methods. The coalition said threat actors are beginning to use artificial intelligence tools to write better emails and translate languages for use in many areas of the world.
The analysis of claims continues to point to the threats of actors who use less sophisticated methods to exploit the organization’s employees and poor network hygiene. The report found that policyholders with at least one unresolved critical vulnerability were 33% more likely to experience a claim.
“Most of the incidents we observed could have been prevented with proper security controls and a proactive cyber risk management approach,” the Coalition said.
Photo: Photographer: Sean Gallup/Getty Images
Cyber InsurTech Tech
Interested in Cyber?
Get automatic alerts for this topic.