Policyholders with even one unresolved critical vulnerability are 33% more likely to experience a cyber claim, according to a recent report by cyber insurance provider Coalition.
The 2023 edition of the Cyber Claims Report also confirmed human error or inaction as the top exploited attack vector, with organisations using end-of-life software – – products no longer supported by their original developers – experiencing three times more claims
Catherine Lyle, Coalition’s Head of Claims, said: “Threat actors are forever looking for targets with weak security controls or unprotected infrastructures – these are the paths of least resistance into a company’s network.
“Unfortunately, that’s why human inaction, such as not patching a publicised critical vulnerability or updating out-of-date software, is a high risk factor for a cyber incident or cyber claim.”
Phishing accounted for 76% of reported incidents — more than six times greater than the next-most popular attack technique. Overall phishing-related claims have increased by 29% from the beginning of 2022.
Successful phishing frequently leads to funds transfer fraud (FTF) or business email compromise (BEC) events but is also the top path used to get into an organisation’s system for any purpose.
Lyle added: “It’s a straightforward but critical recommendation: setting up multi-factor authentication is one of the best ways to prevent attackers from getting into an organisation’s network because it provides the person protection even when security is not top of mind.
“For the majority of Coalition’s phishing-related cases, multi-factor authentication would have stopped access and prevented a claim.”
Other key findings from the report include a 17% decrease in overall claims frequency from 2021 to 2022; also FTF frequency slightly decreased in 2022 after sharply rising by 23% in 2021. Similarly, FTF severity flattened in 2022 after a 68% surge.
Additionally, when policyholders alerted Coalition to an FTF event, Coalition successfully recovered 66% of lost funds; ransomware claims frequency dropped 54% year-over-year (YoY). Ransomware demands also decreased YoY from $1.2m in 2021 to $1m in 2022 – a 17.5% drop. In 2022, Coalition successfully negotiated ransom payments down for policyholders to an average of 27% of the initial demand.
