Outdated technology, poor software maintenance, and the dreaded clicking of a malicious link were most to blame for cyber insurance claims experienced by policyholders in 2022, according to a new report from Coalition.
“Threat actors are forever looking for targets with weak security controls or unprotected infrastructures – these are the paths of least resistance into a company’s network,” said Catherine Lyle, Coalition’s head of claims. “Unfortunately, that’s why human inaction, such as not patching a publicized critical vulnerability or updating out-of-date software, is a high risk factor for a cyber incident or cyber claim.”
Overall claims frequency in 2022 was down 22% compared to the prior year, said Coalition in its latest Cyber Claims Report. Claims severity increased 7% to an average loss of nearly $169,000.
Claims at Coalition involving ransomware dropped 54% year-over-year and ransom demands decreased from $1.2 million in 2021 to $1 million in 2022. Last year, funds transfer fraud (FTF) and business email compromise (BEC) unseated ransomware as the leading causes for a claim, as phishing accounted for 76% of reported incidents.
Coalition said severity of FTF claims plateaued in 2022 after a surge in 2021. The company said it recovered 66% of lost funds when alerted to FTF, but recovering funds has become more complex due to “dwell time” – the amount of time a hacker remains in a network before initiating a FTF event. In 2022, the average dwell time associated with FTF events was 42 days, an increase from 24 days in 2021. This means threat actors are spending more time learning about an organization and hiding evidence of crimes.
Phishing often lead to FTF and BEC claims in 2022 and new technologies are helping the mode of attack. Coalition said threat actors have started using artificial intelligence tools to write better emails and translate languages for use across more areas of the world.
The analysis of claims continued to point to threat actors using less-sophisticated methods to take advantage of organizations’ employees and poor network hygiene. The report found that policyholders with even one unresolved critical vulnerability were 33% more likely to experience a claim.
“A majority of incidents we observed could have been prevented with the right security controls and an active approach to cyber risk management,” said Coalition.