Close Menu
    Data & Analytics

    Cybersecurity’s Biggest Blind Spot: Third-Party Risk, New Resilience Analysis Finds

    By No Comments4 Mins Read
    Resilience

    News provided by

    Resilience 

    Feb 27, 2025, 08:01 ET

    For the first time ever, Resilience observes vendor risk driving financial losses, making up nearly a quarter of material claims in 2024

    SAN FRANCISCO, Feb. 27, 2025 /PRNewswire/ — Third-party risk emerged as a dominant driver of cyber insurance claims and material losses in 2024, new data from leading cyber risk solutions company Resilience found. Buoyed by interconnected systems and reliance on ubiquitous software vendors, third-party risk has quietly taken center stage as one of the industry’s most insidious threats. Today’s enterprises must not only stay abreast of their own security posture, but that of their partners as well—or risk catastrophic losses.

    Losses from third party related risks were the fastest growing area of cyber claims losses in 2024.
    Losses from third party related risks were the fastest growing area of cyber claims losses in 2024.

    Threat actors have a track record of exploiting a single point of failure in one company to create a cascading effect of disruption and chaos downstream, as evidenced by recent incidents like the PowerSchool, CDK, and Change Healthcare breaches. New cyber insurance claims data from Resilience’s portfolio illustrates the financial fallout of this domino effect, finding that third-party risk, including ransomware and outages affecting vendors, accounted for 31% of all claims in 2024. Even more startling, third-party risk led to claims with incurred1 losses for the first time ever, making up nearly a quarter (23%) of incurred claims in 2024 (compared to 0% in 2023).

    “Third-party risk isn’t only making headlines—it’s driving unprecedented losses. While this risk is often invisible until it’s too late, it’s now clear that the industry has reached a tipping point,” said Vishaal “V8” Hariprasad, Co-Founder and CEO of Resilience. “Businesses can no longer afford to consider their partners’ vulnerabilities as siloed from their own. By understanding this new reality of shared risk, enterprises can make smarter business decisions and meaningfully mitigate material loss.”

    Additional findings across Resilience’s portfolio include:

    Ransomware, Transfer Fraud Led To Most Losses

    • Ransomware held its position as a top cause of loss in 2024. 43% of incurred claims involved first-party ransomware incidents and 18% of incurred claims involved ransomware attacks targeting vendors; together, a staggering 61% of all claims with losses were related to ransomware.
    • Transfer fraud rose in popularity, rising from 14% of incurred claims by frequency in 2023 to 18% in 2024.

    Vulnerable Industries Were Hit Hard, But Some Effects Were More Visible Than Others

    • Transportation, manufacturing and healthcare led in incurred claim frequency, potentially due to their reliance on often outdated operational technology and high downtime costs.
    • Healthcare and finance led in claim reporting frequency, potentially due to their stricter regulatory environments and requirements to report incidents, even if they are not material.

    Despite Challenges, Silver Linings Remain

    • Once a primary point of failure, phishing proved less effective in causing financial loss. In 2024, phishing led to just 9% of incurred claims, a significant drop from 2023, a year in which it led to 20% of incurred claims.

    “As a company that provides both cyber risk quantification software and cyber insurance, we have unique insight into how companies are mitigating financial fallout from today’s cybersecurity challenges,” said Jeremy Gittler, global head of claims at Resilience. “Even in the face of an evolving threat landscape over the past year, enterprises are continuing to make major improvements in how they manage cyber risk and prevent material loss.”

    The new findings follow Resilience’s August 2024 Midyear Cyber Risk Report and leverage data from the company’s Threat Intelligence team and insurance claims portfolio to provide a comprehensive, up-to-date look at trends in cyber risk and how enterprises have responded throughout 2024.

    To learn about how Resilience is tackling third-party risk, see here. For more information about Resilience, visit www.cyberresilience.com.

    About Resilience
    Resilience helps organizations become cyber resilient to material losses by staying ahead of cyber criminals. Founded by experts from across the highest tiers of the US military and intelligence communities – and built by prominent leaders and innovators from the cybersecurity, technology, and insurance industries – Resilience is the world’s first cyber risk company that offers risk quantification software, cybersecurity experts, and $20 million capacity of A+ insurance in integrated solutions purpose-built for large and middle-market organizations.

    Resilience is proud to be backed by leading technology investment firms including General Catalyst, Lightspeed Venture Partners, Intact Ventures, Founders Fund, CRV, and Shield Capital. With headquarters in San Francisco, Resilience is globally dispersed, with teams in New York, Chicago, Los Angeles, Baltimore, Toronto, London, and Dublin. Resilience offers insurance coverage through its licensed and appointed insurance agency, and security services through its expert security team. The Resilience Solution is available through all broker partners to clients in the United States, United Kingdom, Canada, and Europe.

    1Incurred claims are claims for which payments have been made or case reserves have been set.

    SOURCE Resiliencert

    Leave A Reply