Black Kite released a report that examines rising cyber risk concerns and ransomware susceptibility in the insurance sector. The most notable takeaway: nearly 20% of the top 99 insurance carriers have a high susceptibility to ransomware.
“The cyber insurance landscape has never been more volatile. Digital supply chains are quickly expanding – putting companies at greater risk for third-party data breaches and ransomware attacks,” said Bob Maley, CSO of Black Kite. “Protecting your business requires thoroughly assessing and continuously monitoring the cyber health of your digital network.”
Software supply chain attacks have increased sharply, up 300% in 2022 compared with 2021. Forrester predicts that 60% of security incidents in 2022 will result from third-party incidents. In the insurance market, third-party vendors rarely meet the insurance requirements established by the companies that hire them.
The research analyzed the top 99 insurance companies by net premiums written to better understand their cyber posture and the impact of increasing risk levels.
Ransomware susceptibility of the insurance sector
- More than half of the largest insurance carriers are 3x more likely to experience a cyber breach than those with ‘A’ ratings.
- 1 in 5 carriers are above the critical ransomware threshold of a 0.6 rating, indicating a high level of ransomware susceptibility.
- 82% of insurance companies analyzed are susceptible to a phishing attack.
- Software vendors are the most common source of supply chain attacks, accounting for 25% of all third-party incidents in 2021.
The largest ransom paid by an organization to date, just under $40 million, was paid by an insurance company in 2021. A ripple effect caused higher insurance premiums, reputational damage, and business interruptions. As a result, 100% of underwriters now rank ransomware and supply chain attacks among their top three threats.
“Eighty-five percent of underwriters believe companies should focus on strengthening their cyber security,” said Jeffrey Wheatman, Black Kite’s SVP CRE. “Insurers are consistently blindsided with risk events that form deep in their digital supply chains. Black Kite’s latest research is a proof point that action needs to be taken to assess third-party risk and plan accordingly.”