Threat actors evolved their tactics in 2024 to take advantage of business and technology consolidation, cyber-risk solution company Resilience found in its Midyear 2024 Cyber Risk Report.
Increasing M&A and reliance on ubiquitous software vendors created new opportunities for threat actors to unleash widespread ransomware campaigns by exploiting a single point of failure. Some of the most disruptive cyberattacks over the past year involved heavily interconnected systems or recently acquired companies, to devastating effect – even putting entire economic sectors on hold.
The MidYear 2024 Cyber Risk Report leverages data from Resilience’s Threat Intelligence team and insurance claims portfolio to analyse trends in hacking activity and industry responses. Key findings include:
- Ransomware remained the leading cause of loss since January 2023, with 64% of ransomware-related claims resulting in a loss. The financial severity of claims related to ransomware attacks increased 411% from 2022 to 2023.
- Ransomware attacks on Change Healthcare and CDK Global, as well as the PanOS zero-day vulnerability, represented 2024’s top claim-driving events thus far.
- Of all claims received since January 2023, 35% were the result of a vendor data breach or ransom attack exploiting a third-party vendor – including notable vulnerabilities associated with Ivanti software – and in 2024 that number is already 40%, and expected to grow.
- The BlackCat hacking group – responsible for the Change Healthcare cyberincident – entered 2024 with an existing track record: in 2023, the group topped the list of most costly attacks, with BlackCat attacks accounting for 18% of covered losses from ransomware.
- Two sectors saw the largest increases in claims in 2024: manufacturing and construction. Manufacturing rose from 15.2% of all claims in 2023 to 41.7% of all claims in 2024; while construction rose from 6.1% of 2023 claims to 25.0% of 2024 claims.
Global M&A deal volume increased 36% in the first quarter of 2024. While this growth can be seen as a sign of positive economic development, it can also create a staggering number of potential new points of failure. Similarly, technology consolidation – in which industries rely on single suppliers for critical platform services – have proven to lead to catastrophic effects downstream if a single supplier is breached. In addition to potential ransom payments, impacted organisations typically face significant business interruption and lost revenue.
“Major attacks like the ones on Change Healthcare, CDK Global, and AT&T have been wreaking havoc and making headlines, but they also remind us that we’re facing a new status quo. Increased vendor interdependence and M&A activity have created an unprecedented opportunity for hackers, with far more points of failure and potential for human error,” said Vishaal ‘V8’ Hariprasad, Co-founder and CEO of Resilience.
“Now more than ever, we need to rethink how the C-suite approaches cyber-risk. Businesses are interconnected like never before, and their resilience now depends on that of their partners and others in the industry.”
Resilience’s combination of cyber-insurance offerings, risk quantification and cybersecurity expertise helps clients get ahead of emerging threats – and bounce back faster from cyberincidents that do occur. Over 90% of Resilience clients that directly experienced a ransomware attack in 2023-2024 avoided paying an extortion fee. In fact, even as incidents tied to Lockbit or Cl0p ransomware grew over the past year, Resilience clients were able to effectively mitigate and manage these destructive threats, and avoided paying any extortion fees tied to these hacking groups.
“While cybersecurity has historically been considered as a line item in a company’s budget, it’s clear that this is insufficient,” said Tom Egglestone, Global Head of Claims at Resilience.
“Business leaders must adopt a risk-centric approach – one in which security strategies are grounded in the financial translation of cyber threats. At Resilience, this approach has paid dividends. In 2023 and 2024, our clients minimised material losses, rarely paid extortions, and avoided business disruption – not only withstanding the effects of attacks, but coming out stronger on the other side.”
Click below to share this article
