Resilience has released the results of its “Midyear 2024 Cyber Risk Report.” According to the document, increasing M&A and reliance on ubiquitous software vendors created new opportunities for threat actors to unleash widespread ransomware campaigns by exploiting a single point of failure. Resilience utilized data from its research team and insurance claims portfolio to evaluate hacking trends, as well as industry responses.
Read More: Energy Industry Ransomware Report Shows Increased Payments
Key Takeaways
- Ransomware remained the leading cause of loss since January 2023, with 64% of ransomware-related claims resulting in a loss
- 35% of all claims since January 2023 were the result of a vendor data breach or ransom attack exploiting a third-party vendor. In 2024, that number is already 40%.
- Manufacturing and construction saw the largest increases in claims in 2024. Manufacturing rose from 15.2% of all claims in 2023 to 41.7% of all claims in 2024; while construction rose from 6.1% of 2023 claims to 25.0% of 2024 claims.
- Global M&A deal volume increased 36% in the first quarter of 2024, which often resulted in technology consolidation and a significant number of potential new points of failure
On Record
In a recent quote, Tom Egglestone, global head of claims at Resilience, said, “While cybersecurity has historically been considered as a line item in a company’s budget, it’s clear that this is insufficient. Business leaders must adopt a risk-centric approach—one in which security strategies are grounded in the financial translation of cyber threats. At Resilience, this approach has paid dividends. In 2023 and 2024, our clients minimized material losses, rarely paid extortions, and avoided business disruption—not only withstanding the effects of attacks, but coming out stronger on the other side.”
Vishaal “V8” Hariprasad, co-founder and CEO of Resilience, added, “Major attacks like the ones on Change Healthcare, CDK Global, and AT&T have been wreaking havoc and making headlines, but they also remind us that we’re facing a new status quo. Increased vendor interdependence and M&A activity have created an unprecedented opportunity for hackers, with far more points of failure and potential for human error. Now more than ever, we need to rethink how the C-suite approaches cyber risk. Businesses are interconnected like never before, and their resilience now depends on that of their partners and others in the industry.”