A New Approach To Cyber Security Helps Resist Extortion

Uploaded on 2023-06-07 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

Specialist insurance firm Resilience has launched the first edition of its annual Claims Report, illuminating how a new approach to cyber risk is helping to reverse the trend in ransomware attacks.

At the same time as attacks skyrocketed in late 2022 and early 2023, the Claims Report reveals that nearly 80% of organisations hit by ransomware recovered data and systems without paying a ransom, a marked improvement from current industry standards.

The cost of cyber crime is expected to reach $10.5 Trillion by 2025, outpacing investment in security and insurance by more than a factor of five. With only 65% of organisations stating that they plan to increase security spending this year, a new approach to improve cyber resiliency is needed.

The findings of this analysis shed light on effective strategies to build cyber resilience. In particular, Resilience’s  report reveals that by balancing risk acceptance, mitigation, and transfer, organisations are able to significantly strengthen their ability to recover data and maintain business operations in the face of ransomware attacks, without making an extortion payment.

“We founded Resilience because we believed that the current approach to defending the digital ecosystem was inadequate,” said Vishaal Hariprasad, co-founder and CEO of Resilience. “By bringing together risk, finance, and security roles which previously operated in silos, we can deliver a completely new approach: Cyber Resilience. Our clients’ success in mitigating the threat of ransomware validates this approach and spotlights the opportunity for the digital economy to rethink how they approach risk.”

Key Findings

The Claims Report examines the full year 2022 through the first quarter of 2023 and key finding include:  

  • Ransomware notices grew by 33% into Q3 2022 and then doubled in Q4 2022. This rapid growth held consistent in Q1 2023.
  • Among all primary claim notices, phishing is the lead point of failure (23.4% of all claims). Risk from third-party vendors is a close second at 22.1% of all claims.
  • Ransomware (17.8%) was the leading cause of loss for claims. Transfer fraud (17%) vendor data breaches (11.8%), and business email compromise (10.4%) followed.
  • 100% of Resilience Solution clients were able to avoid making an extortion payment in 2022
  • Resilience clients were half as likely to pay a ransomware extortion, compared to industry averages. 
  • In one example, an educational institution began working with Resilience following two previous breaches to improve its security posture and qualify for better insurance coverage.

Resilience partnered with this educational organisation to implement specific security controls and develop an incident response to mitigate future threats. When the organisation experienced a phishing incident one month later, the issue was resolved within days.

Despite starting with substandard security controls, Resilience was able to work with this client to restore its reputation and shore up its defences against cyber attacks.

“The cyber insurance model is broken,” said Mario Vitale, President of Resilience. “It’s stuck in analog, while the digital world is rapidly changing. We’re doing for cybersecurity what insurance companies did for property, auto, and healthcare: pair technology and finance to shape behaviour and drive better outcomes. The results are impressive, and we’re just getting started.”

The findings of Resilience’s 2022 Claims Report support their model of a holistic approach to managing risk. The company recently introduced the Resilience Solution, which builds on this model to empower organisations with a significantly easier and more effective platform for cyber risk quantification, assessment, control, and financing.

You Might Also Read: 

Take Practical Measures To Avoid An Attack:

____________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« A Decade Of ‘Bad Magic’ In Cyber Espionage
Iranian Hackers Using Windows Kernel Driver »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Zayo

Zayo

Zayo is a leading global bandwidth infrastructure services provider for high-performance connectivity, secure colocation and flexible cloud services.

Cyber Security Centre - University of Hertfordshire

Cyber Security Centre - University of Hertfordshire

The Cyber Security Centre provides training, teaching and research in the fast paced topics of cyber security and digital forensics.

Athena Forensics

Athena Forensics

Athena Forensics is one of the UK's leading providers of Computer Forensics, Mobile Phone Forensics, Cell Site Analysis and Expert Witness Services.

Modux

Modux

Modux focus on a number of core competencies across cyber security including; cyber intelligence & analytics, penetration testing and training.

iONLINE

iONLINE

iONLINE delivers high quality IT services and solutions to businesses in Azerbaijan.

Araxxe

Araxxe

Araxxe delivers Revenue Assurance, End-to-End Billing Verification and Interconnect Fraud Detection solutions to communication companies worldwide.

CYE

CYE

Utilizing data, numbers, and facts, CYE helps security leaders know what business assets are at risk and execute cost-effective remediation projects for optimal risk prevention.

Yelbridges

Yelbridges

Yelbridges is your reliable partner in all fields of IT-Security, from developing of Security Policies and Guidelines to the design and implementation of secure processes.

Simplilearn

Simplilearn

Simplilearn is the world's #1 online bootcamp for digital skills training in disciplines such as Cyber Security, Cloud Computing, Project Management, Digital Marketing, and Data Science.

ClubCISO

ClubCISO

ClubCISO is a community of peers, working together to help shape the future of the information security profession by facilitating independent discussion on data security and cyber resilience.

Nassec

Nassec

Nassec is a Cyber Security firm dedicated to providing the best vulnerability management solutions. We offer tailor-made cyber security solutions based upon your requirements and nature of business.

Neosec

Neosec

We’re reinventing API security. Understanding behavior requires data, analytics, and intelligence. Neosec brings XDR techniques to application security.

Drumz

Drumz

Drumz plc is an investment company whose investing policy is to invest principally but not exclusively in the technology sector within Europe.

VicOne

VicOne

With a vision to secure the vehicles of tomorrow, VicOne delivers a broad portfolio of cybersecurity software and services for the automotive industry.

QANplatform

QANplatform

QANplatform is a Quantum-resistant hybrid blockchain platform.

Ebryx

Ebryx

At Ebryx, we are at the forefront of cybersecurity innovation, leveraging over a decade of expertise to protect and empower organizations worldwide.