Third-Party Risk Accounted for Nearly a Quarter of Material Claims
According to new data from cyber risk firm Resilience, third-party risk became a leading cause of cyber insurance claims in 2024. The report found that vendor-related incidents accounted for 31% of all claims and nearly 23% of incurred losses. In 2023, third-party risk had no recorded financial impact, marking a dramatic shift. This increase significantly highlights third-party cyber risk management as a growing concern for insurers.
Once upon a time, this article might have opened with a clever analogy—perhaps comparing third-party risk to an uninvited guest at a party. But SEO doesn’t favor creativity in that way. Let’s dive straight into the data.
Ransomware and Transfer Fraud Drove Losses
Ransomware remained the top cause of financial loss in cyber insurance claims. First-party ransomware incidents comprised 43% of incurred claims, while attacks on vendors accounted for 18%. All told, ransomware contributed to 61% of all claims with losses. Transfer fraud also increased, from 14% of claims in 2023 to 18% in 2024. The growth in losses from third-party cyber risks has significantly impacted these statistics.
Industries Most Affected
Transportation, manufacturing, and healthcare sectors reported the highest frequency of claims. One explanation for that is that these industries often depend on outdated operational technology, increasing their vulnerability. Meanwhile, finance and healthcare led in claim reporting due to regulatory requirements. These industries must stay vigilant about third-party cyber risk factors.
Decline in Phishing-Related Losses
Phishing became less effective. It dropped from 20% of claims in 2023 to 9% in 2024, suggesting that cybersecurity adjustments worked.
Cyber Risk Management Becoming More Critical
The findings highlight the growing need for businesses to assess their third-party security risk. Vishaal “V8” Hariprasad, CEO of Resilience, emphasized that companies can no longer treat vendor vulnerabilities separately from their own.
“Businesses can no longer afford to consider their partners’ vulnerabilities as siloed from their own. By understanding this new reality of shared risk, enterprises can make smarter business decisions and meaningfully mitigate material loss,” said Hariprasad.
Resilience continues to analyze cyber risk trends through its claims data and threat intelligence. The company’s latest insights build on its August 2024 Midyear Cyber Risk Report.
