
Five Predictions on the State of Cyber Claims in 2024

What can our 2023 Mid-Year Claims Report tell us about the state of cyber risk in the year ahead?

by Tom Egglestone

In the ever-evolving world of cybersecurity, claims data can teach us a lot about the state of digital risk. 

The Resilience Mid-Year 2023 Claims Report gave us a fascinating glimpse into how cybercriminal tactics are morphing in the face of enhanced security measures by businesses worldwide.

Attackers have been upping the ante as businesses beef up their cyber defenses. This cat-and-mouse game has revealed a strategic pivot to encryption-less ransoms and a resurgence in targeting high-value entities (i.e., “Big Game Hunting”). This shift not only underscores the adaptability of cybercriminals but also flags third-party risk as a critical vulnerability point.

Reviewing data from the past year, we can begin to make predictions for cyber claims in the coming months, such as the continued growth in third-party attacks, more convincing phishing messaging, and more stringent rules around incident reporting. As we enter 2024, the cyber insurance industry must work to stay ahead of these trends to continue supporting their clients and their portfolios.

1. The Domino Effect of Third-Party Vulnerabilities – A Growing Risk for Interconnected Businesses. 

Given the successes of third-party attacks, 2024 will likely see more breaches of third-party suppliers used to scale the impact of attacks across multiple enterprises. Businesses of all sizes increasingly rely on third-party and SaaS products for critical IT processes; in 2022 the average organization used up to 130 SaaS products for front- and back-office services. Unfortunately, one weak link in the supply chain is all it takes for even the most secure organization to experience a damaging incident.

Threat actors can gain wide access to multiple organizations when a SaaS provider is breached, increasing their likelihood of a successful ransom demand. This makes these kinds of attacks both appealing and economical for threat actors. In the first half of 2023, third-party vendor risk became the leading cause of loss that impacted Resilience claims. As a result, Resilience predicts this trend will remain a top cause of loss and point of failure in 2024. 

Organizations must thoroughly audit their third-party providers as these attacks grow more common. Third-party cybersecurity and insurance protocols must meet the same objectives and standards as the organizations that use them to avoid gaps in their attack surface. Continuous monitoring and evaluation of this extended attack surface will be critical to managing this increasingly challenging threat.  

2. The Double-Edged Sword of AI – New Tech Almost Always Presents New Challenges in Cyber. 

As large language models (LLMs) and other AI tools come into widespread use, social engineering-based cyber attacks will become more proficient and harder to detect. Traditional tip-offs of a phishing message, such as grammatical errors or unusual phrasing, will become less reliable indicators of a fraudulent message. The use of AI in human engineering attacks will make these messages more believable than ever before, creating a need for even more stringent cybersecurity training. “The reality is there will always be a human in the chain somewhere,” said Tom Egglestone, Global Head of Claims at Resilience, “that is why it is vital that business leaders adopt an approach that considers both the technical and the human elements of cyber risk management.”

Resilience experts predict that the advancement of AI will have a two-fold impact on claims in 2024, with an increase of successful social engineering attacks as well as a continued growth in supply chain and third-party breaches conducted through weaknesses within systems powered solely by AI. Organizations should be cautious of an overreliance on automated systems, which have the potential to be easily exploited in their early phases. Businesses using AI within their supply chain must remain vigilant and keep a human in the loop to manage and monitor these processes as we come to better understand the vulnerabilities they create. 

3. Navigating the Regulatory Maze – New Rules Lead to New Cyber Risk Management Strategies. 

2023 saw significant changes and additions to global legal frameworks around cyber risk management. With these changes, we will likely see an increase in cyber claims across the insurance industry. In 2023, seven new US states finalized amendments and passed comprehensive legislation around data privacy. As similar regulations are more widely implemented, the definition of a privacy breach will continue to develop, potentially resulting in more claims being filed. 

Resilience predicts that the new SEC rules for public organizations may also lead to increased reporting and a critical differentiation in how organizations respond to cyber incidents. The rules require public companies to “disclose any cybersecurity incident they experience that is determined to be material” and to “periodically disclose their processes, if any, for the assessment, identification, and management of material risks from cybersecurity threats.” Going forward, public business leaders will need to consider these elements in a more strategic and holistic way to prepare for this annual disclosure.

4. SEC Rules Altering the Cyber Playbook – Shifting Behaviors for Businesses and Threat Actors.

The introduction of new SEC rules has already begun to shift threat actor behavior, and Resilience experts predict this will continue. In late 2023, the ransomware group BlackCat/ALPHV leveraged the SEC’s new rules against a victim organization that neglected to notify the SEC within its designated timeframe. When BlackCat realized their breach had not been reported, they contacted the SEC themselves and filed a complaint against their victim for failing to follow the new rules. Fortunately, the impacted organization had not broken the rules because they had not yet taken effect. However, this brazen move is further evidence of the lengths to which some threat actors will go to elicit a ransom payment, playing both cop and robber to force an organization to react.

The new SEC rules will also impact how public companies approach their cyber risk management protocols and procedures. Organizations will need to shift strategies to remain in legal compliance. Part of the new rules requires annual articulation of cybersecurity risk management strategies, governance, and processes. 

To comply with this requirement, many organizations will need to build more cyber expertise within their executive team. An expert who can articulate strategies, governance, and processes while bridging the gaps between security and insurance will become increasingly necessary to create and manage “a defined program which operates on a standalone basis, with trusted and repeatable outputs.” 

5. Evolving Requirements of Cyber Insurance – The Latest Rules of Resilience 

2023 was an extremely progressive year for cybersecurity regulations. Given these new security requirements, public cyber insurance clients are likely to change their behaviors to remain in security compliance. Considering the SEC’s new rules for regulation and accountability, publicly traded and even private organizations are likely to shift their approaches to incident reporting, articulating risk management strategies, and incident response planning. “While the new regulations apply specifically to publicly traded companies, we anticipate they will heavily influence private companies and how they manage their cyber risk,” said Egglestone.

Despite new rules around security, it will be key for public and private organizations alike to remember that a solely compliance-focused risk management strategy could create security gaps that invite the potential for a cyber incident. Resilience recommends instead taking a risk-focused strategy, which means identifying pivotal risks and working backward to maintain compliance while securing what matters most. 

Remaining Cyber Resilient in 2024 will require even further vigilance around human engineering attacks, third-party incident monitoring, and managing compliance standards. Resilience offers tools to help our clients thoroughly address every aspect of their cyber risk while monitoring the threats that matter most to their environment.
