Cyber policyholders with even one unresolved critical vulnerability are 33% more likely to experience a claim, according to a new report from cyber insurance provider Coalition.
Coalition’s 2023 Cyber Claims Report also found that policyholders who continued to use end-of-life software – products that are no longer supported by their original developer – were three times more likely to suffer a cyber incident. This held true regardless of the organisation’s size.
“Threat actors are forever looking for targets with weak security controls or unprotected infrastructures – these are the paths of least resistance into a company’s network,” said Catherine Lyle, head of claims at Coalition. “Unfortunately, that’s why human inaction, such as not patching a publicised critical vulnerability or updating out-of-date software, is a high risk factor for a cyber incident or cyber claim.”
The Cyber Claims Report also found that human error is as much a risk driver as inaction. Phishing accounted for 76% of reported cyber incidents – more than six times greater than the next most common technique. Overall phishing-related claims have spiked by 29% since the beginning of last year, Coalition found.
Phishing often leads to funds transfer fraud (FTF) or business email compromise, but is also the number-one path used to breach a company’s system for any purpose, the report said.
“It’s a straightforward but critical recommendation: setting up multi-factor authentication is one of the best ways to prevent attackers from getting into an organisation’s network because it provides the person protection even when security is not top of mind,” Lyle said. “For the majority of Coalition’s phishing-related cases, multi-factor authentication would have stopped access and prevented a claim.”
Other key findings include:
Coalition recently released a new model for understanding cyber risk aggregation.