In 2024, third-party cyberattacks became a leading cause of financial losses, with ransomware attacks on vendors like CDK leading to a significant rise in claims. Third-party incidents now make up 31% of all insurance claims and 23% of material losses. Ransomware, especially targeting external vendors, was the biggest contributor, demonstrating the risks associated with interconnected systems and vendor reliance. This year, vendors were a primary focus for cybercriminals, highlighting the growing vulnerabilities that organizations face when working with external partners.
As ransomware claims remain high, there has been a noticeable decline in phishing incidents, dropping 55% compared to 2023.
The fall in phishing claims reflects improvements in defenses and a shift in threat actors’ focus toward third-party attacks. However, transfer fraud claims have surged, rising from 14% to 18% of all claims, as cybercriminals increasingly use AI to amplify social engineering tactics. This trend highlights how scammers are using more sophisticated methods to exploit human psychology and manipulate individuals into transferring funds.
The rise in third-party attacks has prompted insurers to adjust their risk assessments and underwriting practices, signaling a shift in how these threats are perceived.
Companies are encouraged to take a proactive approach by implementing stronger internal controls, educating employees on fraud prevention, and improving financial transaction verification processes. With ransomware continuing to be the leading cause of material losses, businesses are advised to invest in cybersecurity measures to reduce vulnerabilities. As third-party risk grows, the need for comprehensive risk management strategies has never been more critical.
Despite a decrease in overall ransomware frequency, the larger, high-profile organizations remain a primary target, as they offer more lucrative rewards. This change in attack patterns has led experts to emphasize the importance of reassessing organizational cybersecurity strategies and ensuring systems are properly fortified against evolving cyber threats. With cybercriminals now focusing on high-value targets, businesses must remain vigilant and prioritize the safety of their sensitive data. To stay ahead of these threats, organizations are advised to integrate advanced security measures and adopt more robust incident response plans.
Reference:
