A New Approach To Cyber Security Helps Resist Extortion

Uploaded on 2023-06-07 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

Specialist insurance firm Resilience has launched the first edition of its annual Claims Report, illuminating how a new approach to cyber risk is helping to reverse the trend in ransomware attacks.

At the same time as attacks skyrocketed in late 2022 and early 2023, the Claims Report reveals that nearly 80% of organisations hit by ransomware recovered data and systems without paying a ransom, a marked improvement from current industry standards.

The cost of cyber crime is expected to reach $10.5 Trillion by 2025, outpacing investment in security and insurance by more than a factor of five. With only 65% of organisations stating that they plan to increase security spending this year, a new approach to improve cyber resiliency is needed.

The findings of this analysis shed light on effective strategies to build cyber resilience. In particular, Resilience’s  report reveals that by balancing risk acceptance, mitigation, and transfer, organisations are able to significantly strengthen their ability to recover data and maintain business operations in the face of ransomware attacks, without making an extortion payment.

“We founded Resilience because we believed that the current approach to defending the digital ecosystem was inadequate,” said Vishaal Hariprasad, co-founder and CEO of Resilience. “By bringing together risk, finance, and security roles which previously operated in silos, we can deliver a completely new approach: Cyber Resilience. Our clients’ success in mitigating the threat of ransomware validates this approach and spotlights the opportunity for the digital economy to rethink how they approach risk.”

Key Findings

The Claims Report examines the full year 2022 through the first quarter of 2023 and key finding include:  

  • Ransomware notices grew by 33% into Q3 2022 and then doubled in Q4 2022. This rapid growth held consistent in Q1 2023.
  • Among all primary claim notices, phishing is the lead point of failure (23.4% of all claims). Risk from third-party vendors is a close second at 22.1% of all claims.
  • Ransomware (17.8%) was the leading cause of loss for claims. Transfer fraud (17%) vendor data breaches (11.8%), and business email compromise (10.4%) followed.
  • 100% of Resilience Solution clients were able to avoid making an extortion payment in 2022
  • Resilience clients were half as likely to pay a ransomware extortion, compared to industry averages. 
  • In one example, an educational institution began working with Resilience following two previous breaches to improve its security posture and qualify for better insurance coverage.

Resilience partnered with this educational organisation to implement specific security controls and develop an incident response to mitigate future threats. When the organisation experienced a phishing incident one month later, the issue was resolved within days.

Despite starting with substandard security controls, Resilience was able to work with this client to restore its reputation and shore up its defences against cyber attacks.

“The cyber insurance model is broken,” said Mario Vitale, President of Resilience. “It’s stuck in analog, while the digital world is rapidly changing. We’re doing for cybersecurity what insurance companies did for property, auto, and healthcare: pair technology and finance to shape behaviour and drive better outcomes. The results are impressive, and we’re just getting started.”

The findings of Resilience’s 2022 Claims Report support their model of a holistic approach to managing risk. The company recently introduced the Resilience Solution, which builds on this model to empower organisations with a significantly easier and more effective platform for cyber risk quantification, assessment, control, and financing.

You Might Also Read: 

Take Practical Measures To Avoid An Attack:

____________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« A Decade Of ‘Bad Magic’ In Cyber Espionage
Iranian Hackers Using Windows Kernel Driver »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

HackLabs

HackLabs

HackLabs is a penetration testing company providing services for network security, web application security and social engineering testing.

Allgress

Allgress

Allgress solutions converge disparate risk silos across enterprise networks and automate governance, risk and compliance management processes.

Owl Cyber Defense

Owl Cyber Defense

Owl patented DualDiode Technology enables hardware-enforced network segmentation and deterministic, one-way transfer of all data types and file sizes.

Online Business Systems

Online Business Systems

Online Business Systems is an information technology and business consultancy. We design improved business processes enabled with robust and secure information systems.

Tempest

Tempest

TEMPEST is a leading provider of IT products and services including solutions for network and application security.

Zen360Consult

Zen360Consult

Zen360Consult provides Advisory and Training services in the field of Cyber Resilience, which includes Cyber Security /ISMS and Business Continuity.

Cyber Talents

Cyber Talents

CyberTalents is on a mission to close the gap of cyber security professionals shortage across the globe.

Global Cyber Security Capacity Centre (GCSCC) - Oxford University

Global Cyber Security Capacity Centre (GCSCC) - Oxford University

GCSCC's work is focused on developing a framework for understanding what works, what doesn’t work and why – across all areas of cybersecurity capacity.

Acreto

Acreto

Acreto is an end-to-end security infrastructure that protects all your technologies with a single, simple cloud service.

Beyond Encryption

Beyond Encryption

Mailock by Beyond Encryption is a secure email solution that allows businesses to exchange email securely, safe in the knowledge that their email can only be read by their intended recipient.

Lavabit

Lavabit

Lavabit's Dark Internet Mail Environment is a secure, open-source, secure end-to-end communications platform for asynchronous messaging across the internet.

watchTowr

watchTowr

Continuous Attack Surface Testing, with the watchTowr Platform. The future of Attack Surface Management.

Tidal Cyber

Tidal Cyber

We formed Tidal for one simple reason—we believe that defenders need and deserve tools and services that make achieving the benefits of threat-informed defense practical and sustainable.

NetHope

NetHope

NetHope is a membership-based organization serving the international nonprofit humanitarian, development, and conservation sector through digital transformation.

SkillsDA

SkillsDA

SkillsDA is pureplay company in cyber security involved in capacity building towards National Security.

PayPal Ventures

PayPal Ventures

PayPal Ventures invests in companies at the forefront of innovation in fintech, payments, commerce enablement, artificial intelligence, blockchain and cryptocurrency, regulatory and cyber technology.