Key Insights from Coalition’s 2024 Cyber Claims Report

Coalition’s latest findings in their 2024 Cyber Claims Report shed critical light on the importance of robust email security practices. According to the report, a staggering 56% of all cyber insurance claims in 2023 stemmed from incidents like funds transfer fraud (FTF) and business email compromise (BEC). This statistic underscores the email inbox not only as a central hub of communication but also as a primary target for cybercriminals.

Coalition emphasized in a press release the convenience of email inboxes for attackers to disrupt payment processes and siphon off funds. “Threat actors want to get paid, and the email inbox has proven to be an easy place for an attacker to uncover payment information and potentially intervene in payment processes to steal funds,” said Robert Jones, Coalition’s Head of Global Claims.

In response to these threats, Coalition shared that it has reclaimed over $38 million in fraudulent transactions, showcasing its commitment to not just insuring but actively safeguarding its clients’ digital assets.

The Double-Edged Sword of Boundary Devices

Boundary security devices like firewalls and VPNs are designed to safeguard networks by monitoring and controlling incoming and outgoing network traffic based on predetermined security rules. However, the report highlights a paradox where the use of certain boundary devices could actually elevate the risk of a cyber incident.

For example, organizations utilizing internet-exposed Cisco ASA and Fortinet devices faced significantly higher claims rates—nearly five times and twice as likely, respectively. This indicates that while these tools are essential, their effectiveness is contingent on continuous updates and vigilant management to patch any vulnerabilities that could be exploited by attackers.

Rethinking Remote Desktop Protocol Security

The shift to remote work has popularized the use of Remote Desktop Protocol (RDP), but this has also amplified risk exposures.

Coalition’s data indicates that policyholders with internet-exposed RDP were 2.5 times more prone to cyber claims. The accessibility of AI tools that simplify the execution of targeted cyberattacks further stresses the importance of securing remote access points against unauthorized intrusions.

Trends in Ransomware: A Mixed Bag

The report also touches on the evolving dynamics of ransomware attacks. While global ransomware payments reached a dizzying $1 billion, Coalition observed a 54% decrease in ransom severity among their policyholders in the latter half of 2023.

This decline, however, was not sufficient to counterbalance the surge in the first half of the year, pointing to an ongoing battle against this persistent threat.

Active Insurance as a Cybersecurity Cornerstone

The insights from Coalition’s 2024 Cyber Claims Report illuminate the multifaceted nature of cyber threats and the critical role of proactive, integrated cybersecurity measures.

Cyber insurance is not a silver bullet and may not be right for every organization, but as businesses navigate the complexities of the digital age, the concept of Active Insurance—where risk prevention goes hand in hand with financial indemnity—has merit. Coalition asserts that by blending traditional insurance with cutting-edge cybersecurity tools, it’s possible to respond to incidents and actively shape a safer cyber environment for businesses worldwide.

For those seeking to fortify their cyber defenses, the full report available for download at Coalition’s website offers a deeper dive into these findings and more, providing a valuable resource for understanding and mitigating digital risks effectively.

Tony Bradley: I have a passion for technology and gadgets--with a focus on Microsoft and security--and a desire to help others understand how technology can affect or improve their lives. I also love spending time with my wife, 7 kids, 4 dogs, 7 cats, a pot-bellied pig, and sulcata tortoise, and I like to think I enjoy reading and golf even though I never find time for either. You can contact me directly at tony@xpective.net. For more from me, you can follow me on Threads, Facebook, Instagram and LinkedIn.
Related Post