Resilience today launched the first edition of its annual Claims Report, illuminating how a new approach to cyber risk is helping to reverse the trend in ransomware attacks. Even as attacks skyrocketed in late 2022 and early 2023, the Claims Report revealed nearly 80% of organizations hit by ransomware recovered data and systems without paying a ransom, a marked improvement from current industry standards.
The cost of cybercrime is expected to reach $10.5 Trillion by 2025, outpacing investment in security and insurance by more than 5X. With only 65% of organizations stating that they plan to increase security spending this year, a new approach to improve cyber resiliency is needed. Resilience's 2022 Claims report reveals that by balancing risk acceptance, mitigation, and transfer, organizations are able to significantly strengthen their ability to recover data and maintain business operations in the face of ransomware attacks, without making an extortion payment.
"We founded Resilience because we believed that the current approach to defending the digital ecosystem was inadequate," said Vishaal "V8" Hariprasad, co-founder and CEO of Resilience. "By bringing together risk, finance, and security roles which previously operated in silos, we can deliver a completely new approach: Cyber Resilience. Our clients' success in mitigating the threat of ransomware validates this approach and spotlights the opportunity for the digital economy to rethink how they approach risk."
Key findings of the Claims Report, which examined the full year 2022 through the first quarter of 2023, include:
- Ransomware notices grew by 33% into Q3 2022 and then doubled in Q4 2022. This rapid growth held consistent in Q1 2023.
- Among all primary claim notices, phishing is the lead point of failure (23.4% of all claims). Risk from third-party vendors is a close second at 22.1% of all claims.
- Ransomware (17.8%) was the leading cause of loss for claims. Transfer fraud (17%) vendor data breaches (11.8%), and business email compromise (10.4%) followed.
- 100% of Resilience Solution clients were able to avoid making an extortion payment in 2022.
- Resilience clients were half as likely to pay a ransomware extortion, compared to industry averages.
The findings of this analysis shed light on effective strategies to build Cyber Resilience. In one example, an educational institution began working with Resilience following two previous breaches to improve its security posture and qualify for better insurance coverage. Resilience partnered with this educational organization to implement specific security controls and develop an incident response to mitigate future threats. When the organization experienced a phishing incident one month later, the issue was resolved within days. Despite starting with lackluster security controls, Resilience was able to work with this client to restore its reputation and shore up its defenses against cyber attacks.
"The cyber insurance model is broken," said Mario Vitale, President of Resilience. "It's stuck in analog, while the digital world is rapidly changing. We're doing for cybersecurity what insurance companies did for property, auto, and healthcare: pair technology and finance to shape behavior and drive better outcomes. The results are impressive, and we're just getting started."
The findings of Resilience's 2022 Claims Report support the Resilience model of a holistic approach to managing risk. The company recently introduced the Resilience Solution, which builds on this model to empower organizations with a significantly easier and more effective platform for cyber risk quantification, assessment, control, and financing.