Coalition, the world’s first Active Insurance provider designed to prevent digital risk before it strikes, today released the 2023 edition of its Cyber Claims Report detailing the evolution of cyber trends. The report found that policyholders with even one unresolved critical vulnerability were 33% more likely to experience a claim. Additionally, policyholders—regardless of organization size—who continued to use end-of-life software, products no longer supported by their original developers, were three times more likely to suffer from an incident.
“Threat actors are forever looking for targets with weak security controls or unprotected infrastructures – these are the paths of least resistance into a company’s network,” said Catherine Lyle, Coalition’s Head of Claims. “Unfortunately, that’s why human inaction, such as not patching a publicized critical vulnerability or updating out-of-date software, is a high risk factor for a cyber incident or cyber claim.”
The 2023 Cyber Claims Report also found that, in addition to human inaction, human error is equally as high of a risk driver. Phishing accounted for 76% of reported incidents — more than six times greater than the next-most popular attack technique. Overall phishing-related claims have increased by 29% from the beginning of 2022. Successful phishing frequently leads to funds transfer fraud (FTF) or business email compromise (BEC) events but is also the top path used to get into an organization’s system for any purpose.
“It’s a straightforward but critical recommendation: setting up multi-factor authentication is one of the best ways to prevent attackers from getting into an organization’s network because it provides the person protection even when security is not top of mind. For the majority of Coalition’s phishing-related cases, multi-factor authentication would have stopped access and prevented a claim,” continued Lyle.
Other key findings from the report include:
- Overall claims frequency decreased by 17% from 2021 to 2022.
- FTF frequency slightly decreased in 2022 after sharply rising by 23% in 2021. Similarly, FTF severity flattened in 2022 after a 68% surge.
- When policyholders alerted Coalition to an FTF event, Coalition successfully recovered 66% of lost funds.
- Ransomware claims frequency dropped 54% year-over-year (YoY). Ransomware demands also decreased YoY from $1.2 million in 2021 to $1 million in 2022 — a 17.5% drop.
In 2022, Coalition successfully negotiated ransom payments down for policyholders to an average of 27% of the initial demand.
This report aggregates claims and incident data from 2022, including the highest-profile claim events and cyber attacks that continue to pose risks to all businesses. By performing billions of security scans across the public internet, sending thousands of critical security alerts, and investigating cyber incidents, Coalition creates a picture of the industry landscape that helps empower organizations to understand their cyber risk better.
Download the full 2023 Cyber Claims Report from Coalition to learn more: https://info.coalitioninc.com/download-2023-cyber-claims-report.html.
About Coalition
Coalition is the world’s first Active Insurance provider designed to help prevent digital risk before it strikes. By combining comprehensive insurance coverage and cybersecurity tools, Coalition helps businesses manage and mitigate digital risks. Coalition offers its Active Insurance products in the U.S., U.K., and Canada through relationships with leading global insurers, as well as cyber capacity through its own carrier, Coalition Insurance Company. Coalition’s Active Risk Platform provides automated security alerts, threat intelligence, expert guidance, and cybersecurity tools to help businesses worldwide remain resilient against cyber attacks. Headquartered in San Francisco, Coalition is a distributed company with a global workforce that collaborates digitally and in office hubs.