Digital Risk: Enterprises Need More Than Cyber Insurance

Resilience Midyear 2023 Claims Report

Cybercriminals Uplevel Tactics to Deal with Lower Extortion Payment Rate

by Brian Bochner , VP, Marketing
Published October 17, 2023

SAN FRANCISCO, CA, October 17, 2023 – Ransomware is entering a new era, as cybercriminals have begun shifting their tactics to bypass security controls by hitting critical vendors and seeking larger targets for extortions, Resilience found in its Midyear 2023 Claims Report.

Among the key findings:

Cybercriminals are returning to “big-game hunting.” Attackers are focusing on bigger targets, particularly those organizations with sensitive data that are able to pay larger ransom demands. Two recent examples are MGM Resorts and Caesars Entertainment.
Third-party vendors become the lead point of failure. Vendor cyber risk has overtaken phishing attacks as the leading point of failure in cybersecurity. Resilience data shows third-party vendor incidents account for 28.9% of its clients’ all-time claims, ahead of phishing at 23.1%.
Traditional ransomware expanding to encryption-less extortion. Threat actors are expanding on previous tactics in which they encrypted data and offered decryption keys in exchange for ransoms. Now, Resilience is seeing an increase in encryption-less data exfiltration attacks that threaten to publish sensitive material unless the criminals’ extortion demands are met.

“Ransomware remains a top concern for our clients, with data from firms like Chainalysis showing 2023 is on track to be one of the most active years on record,” said Vishaal “V8” Hariprasad, CEO & Co-Founder of Resilience. “However, ransomware risk can be mitigated to the point that victims can choose not to pay a ransom,” Hariprasad added. “Resilience data shows only 15% of the overall Resilience client base who experienced an extortion incident in the first half of 2023 elected to pay to resolve an incident.” By comparison, for all ransomware attacks analyzed by Coveware, the average payment rate was 39.5% in the first two quarters of this year.

A key event behind the trend in encryption-less extortion was the massive hack in May 2023 of the MOVEit file transfer platform. The attack affected at least 1,000 organizations and more than 60 million individuals whose data was stolen by a notorious ransomware and extortion gang. The gang is continuing to extort payments from victims.

The findings of the Midyear 2023 Claims Report support the Resilience model of a holistic approach to managing risk. Earlier in 2023, the company introduced the Resilience Solution, designed to help companies balance their risk acceptance, risk mitigation, and risk transfer so they can assess, measure, and manage their cyber risk in an integrated and economically efficient manner. To read the Resilience Midyear Claims Report, please visit www.CyberResilience.com.

About the Author

Brian Bochner , VP, Marketing

Resilience Launches Technology Errors & Omissions Coverage

Resilience, a leading cyber risk management firm, today announced its launch of Technology Errors & Omissions (E&O) coverage for U.S. organizations with $300M–$10B in revenue. With $10M in limits available for both primary and excess placements, the E&O addition to Resilience’s existing cyber insurance offering is poised to further help clients mitigate and cover liability arising from technology products […]

March 6, 2024 | Brian Bochner

Resilience Acquires BreachQuest to Combat Rise of Business Email Compromise

Resilience, a leading cyber risk management firm, has strategically expanded its capabilities through the acquisition of BreachQuest, an innovative incident response technology solution. This move is set against the backdrop of an evolving digital workspace and cloud-based productivity applications, highlighting the critical challenge of securing these environments amidst escalating risks. The integration aims to bolster […]

February 21, 2024 | Marykate Broderick

Resilience Expands Solution to Global Clients with $10 Billion in Revenue

Resilience, a leading cyber risk management provider, has expanded its underwriting authority to serve large global companies with up to $10 billion in annual revenues. The expanded authorities come after a strong year of growth while achieving an industry-leading loss ratio reflecting the success in defending clients from costly cyber incidents. Through 2023, fewer than […]

January 29, 2024 | Davis Hake

Resilience Names Rich Seiersen as Industry’s First Chief Cyber Resilience Officer

Resilience today announced the appointment of Rich Seiersen, previously Chief Risk Officer, to the role of Chief Cyber Resilience Officer (CCRO). The CCRO is an entirely new leadership position dedicated to aligning business objectives and risk management practices, and one we believe will become widespread in all organizations as they work to build true cyber […]

December 5, 2023 | Davis Hake

Resilience to Provide up to £10MM in Cyber Insurance Coverage in the UK and Europe

SAN FRANCISCO, CA, October 4th, 2023 – Cyber risk solution provider Resilience announced today an expansion of its underwriting capacity limits to £10 million for insureds in the United Kingdom and European Union. This increase in capacity is made possible through a partnership with RSA Insurance and R&Q Accredited. This additional capacity adds to the […]

October 4, 2023 | Davis Hake

Resilience Raises $100MM Series D Round, Led by Intact Ventures

SAN FRANCISCO, CA, AUGUST 7, 2023 – Resilience today announced a $100MM equity financing round to accelerate its global expansion and scale the adoption of its holistic cyber risk platform, the Resilience Solution, which launched earlier this year. The Series D round was led by Intact Ventures, an affiliate of Resilience’s primary capacity provider, Intact […]

August 7, 2023 | Davis Hake