Resources

Threat actors exploit cybersecurity gaps from M&A and software consolidation, Resilience finds

Ransomware attacks surge in frequency and severity since 2023, buoyed by major attacks on Change Healthcare, CDK Global, and others

by Marykate Broderick , Assistant Marketing Manager
Published

SAN FRANCISCO, CA – August 13, 2024 – Threat actors evolved their tactics in 2024 to take advantage of business and technology consolidation, the leading cyber risk solution company Resilience found in its Midyear 2024 Cyber Risk Report. Increasing M&A and reliance on ubiquitous software vendors created new opportunities for threat actors to unleash widespread ransomware campaigns by exploiting a single point of failure. Some of the most disruptive cyberattacks over the past year involved heavily interconnected systems or recently acquired companies, to devastating effect—even putting entire economic sectors on hold.

The Midyear 2024 Cyber Risk Report, published today, leverages data from Resilience’s threat research team and insurance claims portfolio to analyze trends in hacking activity and industry responses. Key findings include: 

  • Ransomware remained the leading cause of loss since January 2023, with 64% of ransomware-related claims resulting in a loss. The financial severity of claims related to ransomware attacks increased 411% from 2022 to 2023.
  • Ransomware attacks on Change Healthcare and CDK Global, as well as the PanOS zero-day vulnerability, represented 2024’s top claim-driving events thus far.
  • Of all claims received since January 2023, 35% were the result of a vendor data breach or ransom attack exploiting a third-party vendor—including notable vulnerabilities associated with Ivanti software—and in 2024 that number is already 40%, and expected to grow. 
  • The BlackCat hacking group—responsible for the Change Healthcare cyber incident—entered 2024 with an existing track record: in 2023, the group topped the list of most costly attacks, with BlackCat attacks accounting for 18% of covered losses from ransomware.
  • Two sectors saw the largest increases in claims in 2024: manufacturing and construction. Manufacturing rose from 15.2% of all claims in 2023 to 41.7% of all claims in 2024; while construction rose from 6.1% of 2023 claims to 25.0% of 2024 claims. 

Global M&A deal volume increased 36% in the first quarter of 2024. While this growth can be seen as a sign of positive economic development, it can also create a staggering number of potential new points of failure. Similarly, technology consolidation—in which industries rely on single suppliers for critical platform services—have proven to lead to catastrophic effects downstream if a single supplier is breached. In addition to potential ransom payments, impacted organizations typically face significant business interruption and lost revenue. 

“Major attacks like the ones on Change Healthcare, CDK Global, and AT&T have been wreaking havoc and making headlines, but they also remind us that we’re facing a new status quo. Increased vendor interdependence and M&A activity have created an unprecedented opportunity for hackers, with far more points of failure and potential for human error,” said Vishaal “V8” Hariprasad, co-founder and CEO of Resilience. “Now more than ever, we need to rethink how the C-suite approaches cyber risk. Businesses are interconnected like never before, and their resilience now depends on that of their partners and others in the industry.”

Resilience’s unique combination of cyber insurance offerings, risk quantification, and cybersecurity expertise helps clients get ahead of emerging threats—and bounce back faster from cyber incidents that do occur. Over 90% of Resilience clients that directly experienced a ransomware attack in 2023-2024 avoided paying an extortion fee. In fact, even as incidents tied to Lockbit or Cl0p ransomware grew over the past year, Resilience clients were able to effectively mitigate and manage these destructive threats, and avoided paying any extortion fees tied to these hacking groups. 

“While cybersecurity has historically been considered as a line item in a company’s budget, it’s clear that this is insufficient,” said Tom Egglestone, global head of claims at Resilience. “Business leaders must adopt a risk-centric approach—one in which security strategies are grounded in the financial translation of cyber threats. At Resilience, this approach has paid dividends. In 2023 and 2024, our clients minimized material losses, rarely paid extortions, and avoided business disruption—not only withstanding the effects of attacks, but coming out stronger on the other side.”

To read the full report, see here

About the Author
Marykate Broderick , Assistant Marketing Manager

You might also like

cyber resilience framework

Maria Long Promoted to Resilience Chief Underwriting Officer

New York, NY – April 15, 2025– Resilience, the leading cyber risk company, announced today the appointment of Maria Long as Chief Underwriting Officer. In this role, Long will direct and oversee all aspects of the underwriting function for Resilience’s growing portfolio, reporting directly to George Kotsiopoulos, president of insurance.  “Maria’s track record and experience […]

Digital Risk: Enterprises Need More Than Cyber Insurance

Resilience Launches Tech E&O for UK & EU Enterprises

London, UK 10 April 2025: Resilience, the leading provider of cyber risk solutions, announces the introduction of its coverage for Technology Errors and Omissions (Tech E&O) in the UK and Europe, supported through a new partnership with Accredited Insurances. Resilience now offers Tech E&O coverage for clients with more than £50 million or €25 million […]

Digital Risk: Enterprises Need More Than Cyber Insurance

Resilience Expands Capacity with Accredited Insurance to Help Large Enterprises Address the Increasing Complexity of Cyber Risk

SAN FRANCISCO, CA, April 8, 2025 – Resilience, the leading provider of cyber risk solutions, is expanding the availability of its award-winning cyber risk solutions to serve large enterprise accounts with revenue greater than $10 billion. The expanded underwriting authority provides broker partners with more options in addressing clients’ complex cyber risks. Since launching in […]

cyber resilience framework

Cybersecurity’s Biggest Blind Spot: Third-Party Risk, New Resilience Analysis Finds

SAN FRANCISCO, CA – February 27, 2025 – Third-party risk emerged as a dominant driver of cyber insurance claims and material losses in 2024, new data from leading cyber risk solutions company Resilience found. Buoyed by interconnected systems and reliance on ubiquitous software vendors, third-party risk has quietly taken center stage as one of the […]

Digital Risk: Enterprises Need More Than Cyber Insurance

Resilience Introduces London Wholesale Market Facility to US Clients

LONDON, UK, 20 February, 2025 – Resilience, the leading cyber risk solutions company, has expanded its partnership with RSA to underwrite US-based risks on a surplus lines basis out of London. The initiative will complement Resilience’s domestic operations and provide a solution for US clients who require or prefer to access cyber insurance capacity in […]

Resilience Tackles Rising Tide of Third-Party Cyber Risk With Vendor Risk Insights

SAN FRANCISCO, CA – February 5, 2025 – Resilience, the leading cyber risk solutions company, today unveiled the addition of its Vendor Risk Report (VRR) offering to the company’s integrated cyber risk management platform. The new solution enables enterprise clients to proactively tackle third-party risk by assessing the underlying security health of their most critical […]