Digital Risk: Enterprises Need More Than Cyber Insurance

Resilience Midyear 2023 Claims Report

Cybercriminals Uplevel Tactics to Deal with Lower Extortion Payment Rate

by Brian Bochner , VP, Marketing
Published October 17, 2023

SAN FRANCISCO, CA, October 17, 2023 – Ransomware is entering a new era, as cybercriminals have begun shifting their tactics to bypass security controls by hitting critical vendors and seeking larger targets for extortions, Resilience found in its Midyear 2023 Claims Report.

Among the key findings:

Cybercriminals are returning to “big-game hunting.” Attackers are focusing on bigger targets, particularly those organizations with sensitive data that are able to pay larger ransom demands. Two recent examples are MGM Resorts and Caesars Entertainment.
Third-party vendors become the lead point of failure. Vendor cyber risk has overtaken phishing attacks as the leading point of failure in cybersecurity. Resilience data shows third-party vendor incidents account for 28.9% of its clients’ all-time claims, ahead of phishing at 23.1%.
Traditional ransomware expanding to encryption-less extortion. Threat actors are expanding on previous tactics in which they encrypted data and offered decryption keys in exchange for ransoms. Now, Resilience is seeing an increase in encryption-less data exfiltration attacks that threaten to publish sensitive material unless the criminals’ extortion demands are met.

“Ransomware remains a top concern for our clients, with data from firms like Chainalysis showing 2023 is on track to be one of the most active years on record,” said Vishaal “V8” Hariprasad, CEO & Co-Founder of Resilience. “However, ransomware risk can be mitigated to the point that victims can choose not to pay a ransom,” Hariprasad added. “Resilience data shows only 15% of the overall Resilience client base who experienced an extortion incident in the first half of 2023 elected to pay to resolve an incident.” By comparison, for all ransomware attacks analyzed by Coveware, the average payment rate was 39.5% in the first two quarters of this year.

A key event behind the trend in encryption-less extortion was the massive hack in May 2023 of the MOVEit file transfer platform. The attack affected at least 1,000 organizations and more than 60 million individuals whose data was stolen by a notorious ransomware and extortion gang. The gang is continuing to extort payments from victims.

The findings of the Midyear 2023 Claims Report support the Resilience model of a holistic approach to managing risk. Earlier in 2023, the company introduced the Resilience Solution, designed to help companies balance their risk acceptance, risk mitigation, and risk transfer so they can assess, measure, and manage their cyber risk in an integrated and economically efficient manner. To read the Resilience Midyear Claims Report, please visit www.CyberResilience.com.

About the Author

Brian Bochner , VP, Marketing

Resilience Doubles Cyber Insurance Limits to $20 Million Through Partnership with Lloyd’s Insurance Facility

SAN FRANCISCO, CA, July 1, 2024 – Resilience, the leading cyber risk solution company, has doubled the cyber insurance limits it can offer to clients in the US to $20 million per client. This announcement follows the launch of new features and capabilities that enable enterprises to continuously manage the mitigation and transfer of cyber […]

July 1, 2024 | Whitney Glockner Black

Resilience Named Cyber MGA of the Year in 2024 Zywave Cyber Risk Awards

SAN FRANCISCO, CA, June 17, 2024 – Resilience, the leading cyber risk solutions company, has been voted Cyber MGA of the Year in the 2024 Zywave Cyber Risk Awards. Now in their 11th year, the Cyber Risk Awards honor individuals and companies at the forefront of the cyber risk industry. More than 10,000 votes were […]

June 17, 2024 | Whitney Glockner Black

Resilience Launches Technology Errors & Omissions Coverage

Resilience, a leading cyber risk management firm, today announced its launch of Technology Errors & Omissions (E&O) coverage for U.S. organizations with $300M–$10B in revenue. With $10M in limits available for both primary and excess placements, the E&O addition to Resilience’s existing cyber insurance offering is poised to further help clients mitigate and cover liability arising from technology products […]

March 6, 2024 | Brian Bochner

Resilience Acquires BreachQuest to Combat Rise of Business Email Compromise

Resilience, a leading cyber risk management firm, has strategically expanded its capabilities through the acquisition of BreachQuest, an innovative incident response technology solution. This move is set against the backdrop of an evolving digital workspace and cloud-based productivity applications, highlighting the critical challenge of securing these environments amidst escalating risks. The integration aims to bolster […]

February 21, 2024 | Marykate Broderick

Resilience Expands Solution to Global Clients with $10 Billion in Revenue

Resilience, a leading cyber risk management provider, has expanded its underwriting authority to serve large global companies with up to $10 billion in annual revenues. The expanded authorities come after a strong year of growth while achieving an industry-leading loss ratio reflecting the success in defending clients from costly cyber incidents. Through 2023, fewer than […]

January 29, 2024 | Davis Hake

Resilience Names Rich Seiersen as Industry’s First Chief Cyber Resilience Officer

Resilience today announced the appointment of Rich Seiersen, previously Chief Risk Officer, to the role of Chief Cyber Resilience Officer (CCRO). The CCRO is an entirely new leadership position dedicated to aligning business objectives and risk management practices, and one we believe will become widespread in all organizations as they work to build true cyber […]

December 5, 2023 | Davis Hake