Digital Risk: Enterprises Need More Than Cyber Insurance
Resources

Resilience Midyear 2023 Claims Report

Cybercriminals Uplevel Tactics to Deal with Lower Extortion Payment Rate

by Brian Bochner , VP, Marketing
Published

SAN FRANCISCO, CA, October 17, 2023 – Ransomware is entering a new era, as cybercriminals have begun shifting their tactics to bypass security controls by hitting critical vendors and seeking larger targets for extortions, Resilience found in its Midyear 2023 Claims Report.

Among the key findings:

  • Cybercriminals are returning to “big-game hunting.” Attackers are focusing on bigger targets, particularly those organizations with sensitive data that are able to pay larger ransom demands. Two recent examples are MGM Resorts and Caesars Entertainment
  • Third-party vendors become the lead point of failure. Vendor cyber risk has overtaken phishing attacks as the leading point of failure in cybersecurity. Resilience data shows third-party vendor incidents account for 28.9% of its clients’ all-time claims, ahead of phishing at 23.1%.
  • Traditional ransomware expanding to encryption-less extortion. Threat actors are expanding on previous tactics in which they encrypted data and offered decryption keys in exchange for ransoms. Now, Resilience is seeing an increase in encryption-less data exfiltration attacks that threaten to publish sensitive material unless the criminals’ extortion demands are met.

“Ransomware remains a top concern for our clients, with data from firms like Chainalysis showing 2023 is on track to be one of the most active years on record,” said Vishaal “V8” Hariprasad, CEO & Co-Founder of Resilience. “However, ransomware risk can be mitigated to the point that victims can choose not to pay a ransom,” Hariprasad added. “Resilience data shows only 15% of the overall Resilience client base who experienced an extortion incident in the first half of 2023 elected to pay to resolve an incident.” By comparison, for all ransomware attacks analyzed by Coveware, the average payment rate was 39.5% in the first two quarters of this year.

A key event behind the trend in encryption-less extortion was the massive hack in May 2023 of the MOVEit file transfer platform. The attack affected at least 1,000 organizations and more than 60 million individuals whose data was stolen by a notorious ransomware and extortion gang. The gang is continuing to extort payments from victims.

The findings of the Midyear 2023 Claims Report support the Resilience model of a holistic approach to managing risk. Earlier in 2023, the company introduced the Resilience Solution, designed to help companies balance their risk acceptance, risk mitigation, and risk transfer so they can assess, measure, and manage their cyber risk in an integrated and economically efficient manner. To read the Resilience Midyear Claims Report, please visit www.CyberResilience.com.

You might also like

cyber resilience framework

UK Business Leaders Struggle to Understand Cyber Risk as a Financial Risk as Three-Quarters of Mid-to-Large Firms Report Breaches

LONDON, Dec. 6, 2024 – Despite the UK Government’s latest figures showing that 74% of mid-to-large UK businesses have experienced cybercrime, IT and financial leaders working at the UK’s largest firms demonstrate a poor understanding of cyber risk as a financial risk, finds a new survey from cyber risk solutions company Resilience. The results demonstrate […]

FAIR vs Resilience

Resilience Names Matthew Polly as Chief Revenue Officer

SAN FRANCISCO, Oct. 16, 2024 (GLOBE NEWSWIRE) — Resilience, the leading cyber risk solutions company, today named industry leader and former CrowdStrike executive Matthew Polly as Chief Revenue Officer (CRO). He will work across Resilience’s executive and senior leadership team to align, integrate, and scale the company’s revenue-generating functions. As Resilience’s primary revenue strategist, Polly […]

Digital Risk: Enterprises Need More Than Cyber Insurance

Resilience Expands Operations to Bring Cyber Resilience to France and Benelux

LONDON, Oct. 1, 2024 — Resilience, the leading cyber risk solutions company, has expanded its European insurance operations to France and Benelux, hiring cyber insurance expert Marijke van Berkom as Head of France & Benelux to lead its efforts to support clients and brokers in the region. Building on successful expansion in the UK, Southern Europe, Ireland, and the Nordics, Resilience will bring its […]

cyber resilience framework

Resilience Adds Key Executives in Claims and Engineering to Accelerate Growth as Leading Cyber Risk Solution Provider

New York, NY – September 3, 2024 – Resilience, the leading cyber risk solutions company, today announced Rebecca Jones has joined the company as Senior Vice President of Engineering and Jeremy Gittler has joined as Global Head of Claims. Both join Resilience as the company continues to experience strong growth and expand to serve enterprises […]

FAIR vs Resilience

Threat actors exploit cybersecurity gaps from M&A and software consolidation, Resilience finds

SAN FRANCISCO, CA – August 13, 2024 – Threat actors evolved their tactics in 2024 to take advantage of business and technology consolidation, the leading cyber risk solution company Resilience found in its Midyear 2024 Cyber Risk Report. Increasing M&A and reliance on ubiquitous software vendors created new opportunities for threat actors to unleash widespread ransomware campaigns by […]

Digital Risk: Enterprises Need More Than Cyber Insurance

Killian Brady Name Resilience Chief Underwriting Officer

New York, NY – July 29, 2024– Resilience, the leading cyber risk company, today has appointed Killian Brady as Chief Underwriting Officer. In the role, Brady will direct and oversee all aspects of the underwriting function for Resilience’s growing portfolio of middle market and large enterprise clients across Resilience’s Cyber and Tech E&O portfolio(s). Brady […]