Digital Risk: Enterprises Need More Than Cyber Insurance

Resilience Midyear 2023 Claims Report

Cybercriminals Uplevel Tactics to Deal with Lower Extortion Payment Rate

by Brian Bochner , VP, Marketing
Published October 17, 2023

SAN FRANCISCO, CA, October 17, 2023 – Ransomware is entering a new era, as cybercriminals have begun shifting their tactics to bypass security controls by hitting critical vendors and seeking larger targets for extortions, Resilience found in its Midyear 2023 Claims Report.

Among the key findings:

Cybercriminals are returning to “big-game hunting.” Attackers are focusing on bigger targets, particularly those organizations with sensitive data that are able to pay larger ransom demands. Two recent examples are MGM Resorts and Caesars Entertainment.
Third-party vendors become the lead point of failure. Vendor cyber risk has overtaken phishing attacks as the leading point of failure in cybersecurity. Resilience data shows third-party vendor incidents account for 28.9% of its clients’ all-time claims, ahead of phishing at 23.1%.
Traditional ransomware expanding to encryption-less extortion. Threat actors are expanding on previous tactics in which they encrypted data and offered decryption keys in exchange for ransoms. Now, Resilience is seeing an increase in encryption-less data exfiltration attacks that threaten to publish sensitive material unless the criminals’ extortion demands are met.

“Ransomware remains a top concern for our clients, with data from firms like Chainalysis showing 2023 is on track to be one of the most active years on record,” said Vishaal “V8” Hariprasad, CEO & Co-Founder of Resilience. “However, ransomware risk can be mitigated to the point that victims can choose not to pay a ransom,” Hariprasad added. “Resilience data shows only 15% of the overall Resilience client base who experienced an extortion incident in the first half of 2023 elected to pay to resolve an incident.” By comparison, for all ransomware attacks analyzed by Coveware, the average payment rate was 39.5% in the first two quarters of this year.

A key event behind the trend in encryption-less extortion was the massive hack in May 2023 of the MOVEit file transfer platform. The attack affected at least 1,000 organizations and more than 60 million individuals whose data was stolen by a notorious ransomware and extortion gang. The gang is continuing to extort payments from victims.

The findings of the Midyear 2023 Claims Report support the Resilience model of a holistic approach to managing risk. Earlier in 2023, the company introduced the Resilience Solution, designed to help companies balance their risk acceptance, risk mitigation, and risk transfer so they can assess, measure, and manage their cyber risk in an integrated and economically efficient manner. To read the Resilience Midyear Claims Report, please visit www.CyberResilience.com.

About the Author

Brian Bochner , VP, Marketing

Resilience Expands Operations to Bring Cyber Resilience to Germany and Austria

Munich, Germany – 14 May, 2024: Resilience, the leading cyber risk solutions company, has expanded its European insurance operations to Germany and Austria. To lead its efforts to support clients and brokers in the region, the company has hired cyber insurance expert Thorsten Mairhofer as Head of the region. Building on successful expansion in France […]

May 14, 2025 | Whitney Glockner Black

Resilience Unveils Interactive Cyber Risk Calculator

SAN FRANCISCO, CA – May 13, 2025 – Resilience, a leader in cyber risk solutions, today launched the industry’s first Cyber Risk Calculator to provide organizations with a financial snapshot of their cyber risk. The AI-powered tool provides security and risk practitioners and C-Suite executives alike with a common, data-driven language to better understand and […]

May 13, 2025 | Whitney Glockner Black

Resilience Welcomes Diego Rodriquez Vazquez as Underwriting Manager for Spain and Portugal

Madrid, Spain May 7, 2025 – Resilience, the leading cyber risk solutions company, announced today the appointment of Diego Rodriquez Vazquez as Underwriting Manager for Spain and Portugal. Diego joins Resilience from Axa XL where he worked for two years as Senior Cyber Underwriter for Spain and Portugal; before that, he worked four years as […]

May 7, 2025 | Whitney Glockner Black

Maria Long Promoted to Resilience Chief Underwriting Officer

New York, NY – April 15, 2025– Resilience, the leading cyber risk company, announced today the appointment of Maria Long as Chief Underwriting Officer. In this role, Long will direct and oversee all aspects of the underwriting function for Resilience’s growing portfolio, reporting directly to George Kotsiopoulos, president of insurance. “Maria’s track record and experience […]

April 15, 2025 | Whitney Glockner Black

Resilience Launches Tech E&O for UK & EU Enterprises

London, UK 10 April 2025: Resilience, the leading provider of cyber risk solutions, announces the introduction of its coverage for Technology Errors and Omissions (Tech E&O) in the UK and Europe, supported through a new partnership with Accredited Insurances. Resilience now offers Tech E&O coverage for clients with more than £50 million or €25 million […]

April 10, 2025 | Whitney Glockner Black

Resilience Expands Capacity with Accredited Insurance to Help Large Enterprises Address the Increasing Complexity of Cyber Risk

SAN FRANCISCO, CA, April 8, 2025 – Resilience, the leading provider of cyber risk solutions, is expanding the availability of its award-winning cyber risk solutions to serve large enterprise accounts with revenue greater than $10 billion. The expanded underwriting authority provides broker partners with more options in addressing clients’ complex cyber risks. Since launching in […]

April 8, 2025 | Whitney Glockner Black