A recent report by Resilience, a cyber risk solution provider, warns that hackers are taking advantage of growing “merger and acquisition (M&A) activity, coupled with reliance on ubiquitous software vendors” to carry out widespread ransomware campaigns.
The Midyear 2024 Cyber Risk Report uses data from Resilience’s threat research team and insurance claims portfolio to analyze cyber incident trends. Among the highlights of this analysis: ransomware has been the leading cause of loss since January 2023, with 64% of ransomware-related claims resulting in a loss.
Interconnected and interdependent
In its analysis, Resilience found that some recent major cyber attacks “involved heavily interconnected systems or recently acquired companies. Vendor-driven claims are the fastest-growing area of claims in our portfolio, and are now the fastest-growing cause of loss for claims overall,” explains the report, which adds that while 35% of claims originated from vendor failure in 2023, this has risen to 40% so far in 2024 and is expected to keep rising. “No matter how effectively a company defends its own digital environment, businesses are interconnected and interdependent on the cyber resilience of others,” warns Resilience.
High profile incidents
The report says recent high-profile cyber incidents illustrate “that an attack on a heavily interconnected system can have devastating, long-lasting effects downstream—even to the point of putting an entire economic system on hold.”
One example cited by Resilience is that of Change Healthcare. The company – acquired by UnitedHealth in late 2022 – was hit by a cyberattack in February 2024. “Suddenly, the firm was unable to make payments or pre-approve treatment, creating serious issues for doctors, hospitals, and patients,” explains the report. The firm paid out a $22M ransom.
As an example of vendor risk, the report highlights the case of CDK, which was infected by ransomware in June 2024. The attack paralyzed many of its systems and took them offline, explains Resilience. “Sales ground to a halt as dealers scrambled to sell cars by reverting to spreadsheets and paper contracts.” Car dealers, automakers and customers were all impacted in various ways by this incident.
Financial severity of claims
Resilience’s analysis found that the financial severity of claims related to ransomware attacks increased 411% from 2022 to 2023. “However, Resilience clients’ losses did not always result from paying extortion fees; fewer than 10% of clients paid extortion fees, the remainder opting to recover without paying a ransom.”
This dramatic increase in claims underlines that costs are rising to “recover from ransomware attacks regardless of whether an extortion is paid,” says the report.
Resilience also detailed that since January 2023, 35% of claims in its portfolio resulted from “a vendor data breach or ransom attack exploiting a third-party vendor.” In 2024, this percentage has grown to 40%, and is expected to go higher, says the firm.
“Increased vendor interdependence and M&A activity have created an unprecedented opportunity for hackers, with far more points of failure and potential for human error,” stated Vishaal Hariprasad, co-founder and CEO of Resilience. “Now more than ever, we need to rethink how the C-suite approaches cyber risk. Businesses are interconnected like never before, and their resilience now depends on that of their partners and others in the industry.”