• A new report from cybersecurity and cyber insurance startup Coalition Inc. finds that policyholders with as few as one unresolved critical vulnerability are more likely to experience a claim.
  • The survey also revealed that firms using end-of-life software—products no longer maintained by their developers—were three times more likely to have an incident.

In a new report, Coalition Inc., a cybersecurity and cyber insurance firm, reveals that policyholders with even one unresolved critical vulnerability are likelier to experience a claim.

According to the 2023 Cyber Claims Report, even one unpatched vulnerability raised the risk of filing a cyber insurance claim by 33%. The report also found that businesses using end-of-life software, defined as products no longer supported by their original developers, were three times more likely to experience an incident.

In addition to “human inaction” (not patching software), human error is a primary risk factor for companies with cyber insurance, according to the report’s notable findings. Phishing was involved in 76% of reported incidents, more than six times more prevalent than the next most common attack technique. Almost all phishing-related cyber insurance claims were caused directly by employees falling for phishing attempts.

Since the beginning of 2022, phishing-related claims have increased by 29% among insured Coalition members. Among those members, successful phishing typically leads to money transfer fraud or business email breaches. The research also states that phishing was the most prevalent method used to gain access to an organization’s systems for any purpose.

Catherine Lyle, Coalition’s head of claims, said before the report’s release, “Threat actors are forever looking for targets with weak security controls or unprotected infrastructures – these are the paths of least resistance into a company’s network. Unfortunately, that’s why human inaction, such as not patching a publicized critical vulnerability or updating out-of-date software, is a high-risk factor for a cyber incident or cyber claim.”

Coalition noted a 17% decline in claims from 2021 to 2022, a positive sign for businesses attempting to defend themselves against cyberattacks. After a 23% increase in 2021, money transfer fraud decreased marginally in 2022. When fund transfer fraud occurred among Coalition-insured members, the company recovered 66% of the lost funds.

Coalition also claimed that the frequency of ransomware claims fell by 54% year on year, and that ransomware demands decreased by 17.5% to one million dollars in 2022. In 2022, the ransom payments Coalition agreed to for policyholders averaged 27% of the initial demand.