Coalition finds organisations with unresolved critical vulnerabilities are 33% more likely to experience a cyber claim

Coalition, the world's first Active Insurance provider designed to prevent digital risk before it strikes, released the 2023 edition of its Cyber Claims Report detailing the evolution of cyber trends. The report found that policyholders with even one unresolved critical vulnerability were 33% more likely to experience a claim.

Additionally, policyholders — regardless of organisation size — who continued to use end-of-life software, products no longer supported by their original developers, were three times more likely to suffer from an incident.

 Author's quote

“Threat actors are forever looking for targets with weak security controls or unprotected infrastructures - these are the paths of least resistance into a company’s network,” said Catherine Lyle, Coalition’s Head of Claims, adding “Unfortunately, that’s why human inaction, such as not patching a publicised critical vulnerability or updating out-of-date software, is a high-risk factor for a cyber incident or cyber claim.”

Cyber Claims Report

Overall phishing-related claims have increased by 29% from the beginning of 2022

The 2023 Cyber Claims Report also found that, in addition to human inaction, human error is equally as high of a risk driver. Phishing accounted for 76% of reported incidents—more than six times greater than the next-most popular attack technique. 

Overall phishing-related claims have increased by 29% from the beginning of 2022. Successful phishing frequently leads to funds transfer fraud (FTF) or business email compromise (BEC) events but is also the top path used to get into an organisation’s system for any purpose.

Critical recommendation

“It’s a straightforward but critical recommendation: setting up multi-factor authentication is one of the best ways to prevent attackers from getting into an organisation’s network because it provides the person protection even when security is not top of mind. For a majority of Coalition’s phishing-related cases, multi-factor authentication would have stopped access and prevented a claim,” continued Catherine Lyle. 

Other key findings from the report include:

• Overall claims frequency decreased by 17% from 2021 to 2022.
• FTF frequency slightly decreased in 2022 after sharply rising by 23% in 2021. Similarly, FTF severity flattened in 2022 after a 68% surge.
• When policyholders alerted Coalition to an FTF event, Coalition successfully recovered 66% of lost funds.
• Ransomware claims frequency dropped 54% year-over-year (YoY). Ransomware demands also decreased YoY from $1.2 million in 2021 to $1 million in 2022—a 17.5% drop.
• In 2022, Coalition successfully negotiated ransom payments down for policyholders to an average of 27% of the initial demand. 

Billions of security scans

This report aggregates claims and incident data from 2022, including the highest-profile claim events and cyber attacks that continue to pose risks to all businesses.

By performing billions of security scans across the public internet, sending thousands of critical security alerts, and investigating cyber incidents, Coalition creates a picture of the industry landscape that helps empower organisations to understand their cyber risk better.