One of the key findings of the report highlights the critical importance of addressing vulnerabilities promptly. It revealed that policyholders who had unresolved critical vulnerabilities in their systems were 33% more susceptible to experiencing a cyber claim.
This alarming statistic underscores the need for proactive measures to identify and rectify vulnerabilities promptly, as a failure to do so significantly increases the risk of falling victim to cyberattacks.
Moreover, the study underscored that the use of end-of-life software poses a substantial threat to organisations, irrespective of their size. Organisations that continued to rely on software or products that were no longer supported by their original developers were found to be three times more likely to encounter cyber incidents. This emphasises the critical role of regular software updates and the adoption of current and supported technologies to bolster cyber resilience.
Coalition’s report analyses trends to report potential cyber threats
As the world’s first Active Insurance provider, Coalition has long been at the forefront of cyber risk management. The release of its Cyber Claims Report further solidifies its commitment to providing actionable insights and solutions to combat the ever-evolving cyber threat landscape. By analysing the trends and patterns observed in the report, organisations can better understand the risks they face and implement effective strategies to mitigate potential cyber threats.
The report serves as a valuable resource for policymakers, cybersecurity professionals, and businesses of all sizes seeking to enhance their cybersecurity posture. With cyberattacks becoming increasingly prevalent and sophisticated, it is essential for organizations to remain vigilant and take proactive measures to safeguard their digital assets.
“Threat actors are forever looking for targets”, says Coalition
Speaking about the recent findings, Catherine Lyle, Coalition’s Head of Claims, said: “Threat actors are forever looking for targets with weak security controls or unprotected infrastructures – these are the paths of least resistance into a company’s network. Unfortunately, that’s why human inaction, such as not patching a publicized critical vulnerability or updating out-of-date software, is a high risk factor for a cyber incident or cyber claim.”
The 2023 Cyber Claims Report also found that, in addition to human inaction, human error is equally as high of a risk driver. Phishing accounted for 76% of reported incidents — more than six times greater than the next-most popular attack technique.
Overall phishing-related claims have increased by 29% from the beginning of 2022. Successful phishing frequently leads to funds transfer fraud (FTF) or business email compromise (BEC) events but is also the top path used to get into an organisation’s system for any purpose.
Coalition sets out ‘critical’ recommendations for cyber safety
Lyle explained: “It’s a straightforward but critical recommendation: setting up multi-factor authentication is one of the best ways to prevent attackers from getting into an organisation’s network because it provides the person protection even when security is not top of mind. For the majority of Coalition’s phishing-related cases, multi-factor authentication would have stopped access and prevented a claim.”
Other key findings from the report include:
- Overall claims frequency decreased by 17% from 2021 to 2022.
- FTF frequency slightly decreased in 2022 after sharply rising by 23% in 2021. Similarly, FTF severity flattened in 2022 after a 68% surge.
- When policyholders alerted Coalition to an FTF event, Coalition successfully recovered 66% of lost funds.
- Ransomware claims frequency dropped 54% year-over-year (YoY). Ransomware demands also decreased YoY from $1.2 million in 2021 to $1 million in 2022 — a 17.5% drop.
- In 2022, Coalition successfully negotiated ransom payments down for policyholders to an average of 27% of the initial demand.
Source: Coalition
