Coalition Finds Organizations with Unresolved Critical Vulnerabilities Are 33% More Likely to Experience a Cyber Claim

New 2023 Cyber Claims Report From Coalition Also Confirms Human Error or Inaction as the Top Exploited Attack Vector, with Organizations Using End-of-Life Software Experiencing Three Times More Claims

SAN FRANCISCO--()--Coalition, the world's first Active Insurance provider designed to prevent digital risk before it strikes, today released the 2023 edition of its Cyber Claims Report detailing the evolution of cyber trends. The report found that policyholders with even one unresolved critical vulnerability were 33% more likely to experience a claim. Additionally, policyholders—regardless of organization size—who continued to use end-of-life software, products no longer supported by their original developers, were three times more likely to suffer from an incident.

Threat actors are forever looking for targets with weak security controls or unprotected infrastructures - these are the paths of least resistance into a company’s network,” said Catherine Lyle, Coalition’s Head of Claims. “Unfortunately, that’s why human inaction, such as not patching a publicized critical vulnerability or updating out-of-date software, is a high risk factor for a cyber incident or cyber claim.”

The 2023 Cyber Claims Report also found that, in addition to human inaction, human error is equally as high of a risk driver. Phishing accounted for 76% of reported incidents — more than six times greater than the next-most popular attack technique. Overall phishing-related claims have increased by 29% from the beginning of 2022. Successful phishing frequently leads to funds transfer fraud (FTF) or business email compromise (BEC) events but is also the top path used to get into an organization’s system for any purpose.

It’s a straightforward but critical recommendation: setting up multi-factor authentication is one of the best ways to prevent attackers from getting into an organization’s network because it provides the person protection even when security is not top of mind. For the majority of Coalition’s phishing-related cases, multi-factor authentication would have stopped access and prevented a claim,” continued Lyle.

Other key findings from the report include:

  • Overall claims frequency decreased by 17% from 2021 to 2022.
  • FTF frequency slightly decreased in 2022 after sharply rising by 23% in 2021. Similarly, FTF severity flattened in 2022 after a 68% surge.
  • When policyholders alerted Coalition to an FTF event, Coalition successfully recovered 66% of lost funds.
  • Ransomware claims frequency dropped 54% year-over-year (YoY). Ransomware demands also decreased YoY from $1.2 million in 2021 to $1 million in 2022 — a 17.5% drop.
  • In 2022, Coalition successfully negotiated ransom payments down for policyholders to an average of 27% of the initial demand.

This report aggregates claims and incident data from 2022, including the highest-profile claim events and cyber attacks that continue to pose risks to all businesses. By performing billions of security scans across the public internet, sending thousands of critical security alerts, and investigating cyber incidents, Coalition creates a picture of the industry landscape that helps empower organizations to understand their cyber risk better.

Download the full 2023 Cyber Claims Report from Coalition to learn more: https://info.coalitioninc.com/download-2023-cyber-claims-report.html.

About Coalition

Coalition is the world's first Active Insurance provider designed to help prevent digital risk before it strikes. By combining comprehensive insurance coverage and cybersecurity tools, Coalition helps businesses manage and mitigate digital risks. Coalition offers its Active Insurance products in the U.S., U.K., and Canada through relationships with leading global insurers, as well as cyber capacity through its own carrier, Coalition Insurance Company. Coalition's Active Risk Platform provides automated security alerts, threat intelligence, expert guidance, and cybersecurity tools to help businesses worldwide remain resilient against cyber attacks. Headquartered in San Francisco, Coalition is a distributed company with a global workforce that collaborates digitally and in office hubs.

Insurance products are offered by Coalition Insurance Solutions Inc. (“CIS”), a licensed insurance producer and surplus lines broker with its principal place of business in San Francisco, CA (Cal. license #0L76155), acting on behalf of a number of unaffiliated insurance companies and available on an admitted basis through Coalition Insurance Company (“CIC”) a licensed insurance underwriter (NAIC #29530). Insurance products offered through CIS and CIC may not be available in all states. CIS may receive compensation from an insurer or other intermediary in connection with the sale of insurance. All decisions regarding any insurance products referenced herein, including approval for coverage, premium, commission, and fees, will be made solely by the insurer underwriting the insurance under the insurer’s then-current criteria. All insurance products are governed by the terms, conditions, limitations, and exclusions set forth in the applicable insurance policy. Please see a copy of your policy for the full terms, conditions, and exclusions. Copyright © 2023. All rights reserved. Coalition and the Coalition logo are trademarks of Coalition, Inc. or its affiliates.

Contacts

Marisa Graves
Communications at Coalition
press@coalitioninc.com

Contacts

Marisa Graves
Communications at Coalition
press@coalitioninc.com