In 2024, third-party risk emerged as a primary driver of cyber insurance claims and significant financial losses, according to new data from Resilience, a provider of cyber risk solutions.
As businesses become increasingly reliant on interconnected systems and a broad range of software vendors, third-party risks have become a critical yet often overlooked threat.
Organisations must now manage not only their own cybersecurity but also that of their partners and vendors to prevent severe financial fallout.
Cybercriminals have long exploited vulnerabilities within one organisation to create a ripple effect of disruptions across its entire network. This pattern was evident in high-profile breaches such as those involving PowerSchool, CDK, and Change Healthcare.
“Third-party risk isn’t only making headlines—it’s driving unprecedented losses. While this risk is often invisible until it’s too late, it’s now clear that the industry has reached a tipping point,” commented Vishaal “V8” Hariprasad, Co-Founder and CEO of Resilience.
“Businesses can no longer afford to consider their partners’ vulnerabilities as siloed from their own. By understanding this new reality of shared risk, enterprises can make smarter business decisions and meaningfully mitigate material loss.”
According to Resilience’s latest data, third-party risk—including ransomware attacks and vendor-related outages—accounted for 31% of all cyber insurance claims in 2024. Even more notably, third-party risk led to incurred losses for the first time ever, making up 23% of all incurred claims in 2024, compared to zero in 2023.
Ransomware remained a major cause of financial losses in 2024, with Resilience finding that 43% of incurred claims involved first-party ransomware incidents, while 18% were linked to ransomware attacks targeting vendors. Together, these incidents made up 61% of all claims with losses.
Transfer fraud also grew in prominence, increasing from 14% of incurred claims in 2023 to 18% in 2024, according to Resilience’s findings.
Resilience also observed that certain industries experienced a higher frequency of incurred claims, particularly in transportation, manufacturing, and healthcare.
These sectors’ dependence on outdated operational technologies and the high costs of downtime contributed to their elevated risk. In contrast, the healthcare and finance sectors led in claim reporting frequency, driven by stricter regulatory requirements that mandate reporting even when incidents do not cause significant material damage.
Phishing, once a dominant cause of financial loss, showed a significant decrease in 2024. Resilience’s data revealed that phishing accounted for just 9% of incurred claims, a sharp decline from 20% in 2023. This shift reflects the industry’s ongoing adaptation to the changing cybersecurity landscape and the evolving tactics of cybercriminals.
These trends highlight the growing importance of addressing third-party risk, underscoring the need for businesses to protect not only their own systems but also those of their partners and vendors to prevent cascading disruptions and financial losses.
“As a company that provides both cyber risk quantification software and cyber insurance, we have unique insight into how companies are mitigating financial fallout from today’s cybersecurity challenges,” added Jeremy Gittler, Global Head of Claims at Resilience.
“Even in the face of an evolving threat landscape over the past year, enterprises are continuing to make major improvements in how they manage cyber risk and prevent material loss.”
The post Third-party risk emerges as key driver of cyber insurance claims & losses in 2024: Resilience appeared first on ReinsuranceNe.ws.