Digital Risk: Enterprises Need More Than Cyber Insurance

Resilience Midyear 2023 Claims Report

Cybercriminals Uplevel Tactics to Deal with Lower Extortion Payment Rate

by Brian Bochner , VP, Marketing
Published October 17, 2023

SAN FRANCISCO, CA, October 17, 2023 – Ransomware is entering a new era, as cybercriminals have begun shifting their tactics to bypass security controls by hitting critical vendors and seeking larger targets for extortions, Resilience found in its Midyear 2023 Claims Report.

Among the key findings:

Cybercriminals are returning to “big-game hunting.” Attackers are focusing on bigger targets, particularly those organizations with sensitive data that are able to pay larger ransom demands. Two recent examples are MGM Resorts and Caesars Entertainment.
Third-party vendors become the lead point of failure. Vendor cyber risk has overtaken phishing attacks as the leading point of failure in cybersecurity. Resilience data shows third-party vendor incidents account for 28.9% of its clients’ all-time claims, ahead of phishing at 23.1%.
Traditional ransomware expanding to encryption-less extortion. Threat actors are expanding on previous tactics in which they encrypted data and offered decryption keys in exchange for ransoms. Now, Resilience is seeing an increase in encryption-less data exfiltration attacks that threaten to publish sensitive material unless the criminals’ extortion demands are met.

“Ransomware remains a top concern for our clients, with data from firms like Chainalysis showing 2023 is on track to be one of the most active years on record,” said Vishaal “V8” Hariprasad, CEO & Co-Founder of Resilience. “However, ransomware risk can be mitigated to the point that victims can choose not to pay a ransom,” Hariprasad added. “Resilience data shows only 15% of the overall Resilience client base who experienced an extortion incident in the first half of 2023 elected to pay to resolve an incident.” By comparison, for all ransomware attacks analyzed by Coveware, the average payment rate was 39.5% in the first two quarters of this year.

A key event behind the trend in encryption-less extortion was the massive hack in May 2023 of the MOVEit file transfer platform. The attack affected at least 1,000 organizations and more than 60 million individuals whose data was stolen by a notorious ransomware and extortion gang. The gang is continuing to extort payments from victims.

The findings of the Midyear 2023 Claims Report support the Resilience model of a holistic approach to managing risk. Earlier in 2023, the company introduced the Resilience Solution, designed to help companies balance their risk acceptance, risk mitigation, and risk transfer so they can assess, measure, and manage their cyber risk in an integrated and economically efficient manner. To read the Resilience Midyear Claims Report, please visit www.CyberResilience.com.

About the Author

Brian Bochner , VP, Marketing

Maria Long Promoted to Resilience Chief Underwriting Officer

New York, NY – April 15, 2025– Resilience, the leading cyber risk company, announced today the appointment of Maria Long as Chief Underwriting Officer. In this role, Long will direct and oversee all aspects of the underwriting function for Resilience’s growing portfolio, reporting directly to George Kotsiopoulos, president of insurance. “Maria’s track record and experience […]

April 15, 2025 | Whitney Glockner Black

Resilience Launches Tech E&O for UK & EU Enterprises

London, UK 10 April 2025: Resilience, the leading provider of cyber risk solutions, announces the introduction of its coverage for Technology Errors and Omissions (Tech E&O) in the UK and Europe, supported through a new partnership with Accredited Insurances. Resilience now offers Tech E&O coverage for clients with more than £50 million or €25 million […]

April 10, 2025 | Whitney Glockner Black

Resilience Expands Capacity with Accredited Insurance to Help Large Enterprises Address the Increasing Complexity of Cyber Risk

SAN FRANCISCO, CA, April 8, 2025 – Resilience, the leading provider of cyber risk solutions, is expanding the availability of its award-winning cyber risk solutions to serve large enterprise accounts with revenue greater than $10 billion. The expanded underwriting authority provides broker partners with more options in addressing clients’ complex cyber risks. Since launching in […]

April 8, 2025 | Whitney Glockner Black

Cybersecurity’s Biggest Blind Spot: Third-Party Risk, New Resilience Analysis Finds

SAN FRANCISCO, CA – February 27, 2025 – Third-party risk emerged as a dominant driver of cyber insurance claims and material losses in 2024, new data from leading cyber risk solutions company Resilience found. Buoyed by interconnected systems and reliance on ubiquitous software vendors, third-party risk has quietly taken center stage as one of the […]

February 27, 2025 | Whitney Glockner Black

Resilience Introduces London Wholesale Market Facility to US Clients

LONDON, UK, 20 February, 2025 – Resilience, the leading cyber risk solutions company, has expanded its partnership with RSA to underwrite US-based risks on a surplus lines basis out of London. The initiative will complement Resilience’s domestic operations and provide a solution for US clients who require or prefer to access cyber insurance capacity in […]

February 20, 2025 | Whitney Glockner Black

Resilience Tackles Rising Tide of Third-Party Cyber Risk With Vendor Risk Insights

SAN FRANCISCO, CA – February 5, 2025 – Resilience, the leading cyber risk solutions company, today unveiled the addition of its Vendor Risk Report (VRR) offering to the company’s integrated cyber risk management platform. The new solution enables enterprise clients to proactively tackle third-party risk by assessing the underlying security health of their most critical […]

February 5, 2025 | Whitney Glockner Black