New data covering cyber insurance claims through 2023 shows claims have increased while reaffirming what we already know: phishing and social engineering are the real problem.
If you’ve read enough of my articles, you already know my view is a bit skewed towards the need for organizations to be aware of the true dangers of email-based cyber attacks.
But, because these attacks continue using the same methods, I feel it’s important to equally continue to remind you of the repercussions of such attacks.
Today’s learning opportunity comes from the cybersecurity insurance provider Coalition’s 2024 Cyber Claims Report. In it we find a comparative data from 2021 through 2023 and see two attention-capturing stats:
- The frequency of claims has increased 13% YoY
- The average claim has increased 10% YoY
And it appears that these increases were experienced by organizations of all sizes; according to the report, when breaking out claim frequency by an organization’s revenue, organizations of all sizes experienced increases in both the first and second half of 2023 (as shown below).
The report also highlights that the average loss amount last year was just slightly over $100,000. This feels like a number you should be paying attention to; as it’s both a material amount and a number that most organizations (regardless of size) will find relatable.
But what’s behind the attacks themselves? We already know that stopping an attack is far less expensive than paying for the aftermath – even if organizations get an insurance payout.
As we dig into the claim specifics, a common theme emerges around how the attacks began. Take a look at the figure to the right showing the breakout of claims related to ransomware, fraudulent transfer of funds, business email compromise, and other types of cyber attacks.
In the case of fraudulent transfer of funds and business email compromise claims — which represent 56% of all claims, Coalition specifically discusses the need for email security, implying that the attacks behind just over half of all claims involved the use of phishing and social engineering.
I’d also like to point out that ransomware (seen in an additional 19% of claims) was primarily carried out — according to the report — by Lockbit 3.0 and Black Cat, These two Ransomware as a Service threat groups that are both known to utilize all forms of initial access — including phishing.
The point here is that it’s reasonable to assume that some portion of the ransomware attacks also involved phishing. This should make phishing priority number one for organizations that want to stop cyber attacks that can result in needing to file a claim against their cyber insurance policy.
Coalition’s call for improved email security is sound, but we also know that 1 in 7 email-based threats make it all the way to the inbox. So, it’s necessary to put a key security control here — the user. With proper new-school security awareness training, users become part of an organization’s security controls, quickly identifying malicious links, attachments and email content for what it is, and rendering it powerless by not engaging with it and reporting it to IT or Security teams.
From the Coalition report data, it looks like threat actors are continuing to improve their game while organizations remain unprepared — a dangerous combination that results in cyber insurance claims. The only way to stop this is to pay attention to the data, look at the root cause of these claims (read: phishing attacks) and address it with effective security controls that should include your users.