Resources

Resilience Midyear 2023 Claims Report

Cybercriminals Uplevel Tactics to Deal with Lower Extortion Payment Rate

by Brian Bochner , VP, Marketing
Published

SAN FRANCISCO, CA, October 17, 2023 – Ransomware is entering a new era, as cybercriminals have begun shifting their tactics to bypass security controls by hitting critical vendors and seeking larger targets for extortions, Resilience found in its Midyear 2023 Claims Report.

Among the key findings:

  • Cybercriminals are returning to “big-game hunting.” Attackers are focusing on bigger targets, particularly those organizations with sensitive data that are able to pay larger ransom demands. Two recent examples are MGM Resorts and Caesars Entertainment
  • Third-party vendors become the lead point of failure. Vendor cyber risk has overtaken phishing attacks as the leading point of failure in cybersecurity. Resilience data shows third-party vendor incidents account for 28.9% of its clients’ all-time claims, ahead of phishing at 23.1%.
  • Traditional ransomware expanding to encryption-less extortion. Threat actors are expanding on previous tactics in which they encrypted data and offered decryption keys in exchange for ransoms. Now, Resilience is seeing an increase in encryption-less data exfiltration attacks that threaten to publish sensitive material unless the criminals’ extortion demands are met.

“Ransomware remains a top concern for our clients, with data from firms like Chainalysis showing 2023 is on track to be one of the most active years on record,” said Vishaal “V8” Hariprasad, CEO & Co-Founder of Resilience. “However, ransomware risk can be mitigated to the point that victims can choose not to pay a ransom,” Hariprasad added. “Resilience data shows only 15% of the overall Resilience client base who experienced an extortion incident in the first half of 2023 elected to pay to resolve an incident.” By comparison, for all ransomware attacks analyzed by Coveware, the average payment rate was 39.5% in the first two quarters of this year.

A key event behind the trend in encryption-less extortion was the massive hack in May 2023 of the MOVEit file transfer platform. The attack affected at least 1,000 organizations and more than 60 million individuals whose data was stolen by a notorious ransomware and extortion gang. The gang is continuing to extort payments from victims.

The findings of the Midyear 2023 Claims Report support the Resilience model of a holistic approach to managing risk. Earlier in 2023, the company introduced the Resilience Solution, designed to help companies balance their risk acceptance, risk mitigation, and risk transfer so they can assess, measure, and manage their cyber risk in an integrated and economically efficient manner. To read the Resilience Midyear Claims Report, please visit www.CyberResilience.com.

About the Author
Brian Bochner , VP, Marketing

You might also like

Resilience Names Rich Seiersen as Industry’s First Chief Cyber Resilience Officer

Resilience today announced the appointment of Rich Seiersen, previously Chief Risk Officer, to the role of Chief Cyber Resilience Officer (CCRO). The CCRO is an entirely new leadership position dedicated to aligning business objectives and risk management practices, and one we believe will become widespread in all organizations as they work to build true cyber […]

Resilience to Provide up to £10MM in Cyber Insurance Coverage in the UK and Europe

SAN FRANCISCO, CA, October 4th, 2023 – Cyber risk solution provider Resilience announced today an expansion of its underwriting capacity limits to £10 million for insureds in the United Kingdom and European Union. This increase in capacity is made possible through a partnership with RSA Insurance and R&Q Accredited. This additional capacity adds to the […]

Resilience Raises $100MM Series D Round, Led by Intact Ventures

SAN FRANCISCO, CA, AUGUST 7, 2023 – Resilience today announced a $100MM equity financing round to accelerate its global expansion and scale the adoption of its holistic cyber risk platform, the Resilience Solution, which launched earlier this year. The Series D round was led by Intact Ventures, an affiliate of Resilience’s primary capacity provider, Intact […]

Resilience Promotes CJ Pruzinsky to Global Head of Underwriting & Sales

SAN FRANCISCO, CA, June 8, 2023 – To support Resilience’s international growth and recent new solution launch to help clients better manage their cyber risk, the company has promoted CJ Pruzinsky to Global Head of Underwriting & Sales. Previously, he led the underwriting team from the launch of the company’s managing general agency.  As Global […]

Enhancing Cyber Risk Management with the New Resilience Solution

SAN FRANCISCO, CA, May 1, 2023 – Resilience is proud to introduce its new cyber risk solution, transforming how enterprises assess, measure, and manage risk in an integrated and economically efficient manner. The Resilience Solution offers customers a significantly easier and more effective way to look at their cyber risk holistically and breaks down the […]

Resilience Accelerates Growth With UK Launch

San Francisco, California- September 26, 2022 – Resilience, the next-generation cyber risk company that’s on a mission to help the world become cyber resilient, has expanded its global offering by launching a new operation in London to serve the UK market. This development comes at a time of growth for the company and follows a […]