"Report Finds Just One Unpatched Vulnerability Increases the Risk of a Cyber Insurance Claim by 33%"
The cybersecurity and cyber insurance company Coalition has discovered that policyholders with even one unresolved critical vulnerability are more likely to experience a claim. According to Coalition's 2023 Cyber Claims Report, having even a single unpatched vulnerability increased the risk of cyber insurance claims by 33 percent. The report also found that organizations that continued to use end-of-life software were three times more likely to face an incident. In addition to "human inaction" (not patching software), human error is also a primary risk factor for companies with cyber insurance. Seventy-six percent of reported incidents involved phishing, which is more than six times more prevalent than the next most common attack technique. Nearly all cyber insurance claims related to phishing were the direct consequence of employees falling for phishing tricks. Since the beginning of 2022, phishing-related claims have increased by 29 percent among insured Coalition members. With its insured members, successful phishing often results in funds transfer fraud or Business Email Compromise (BEC), but the report notes that phishing was also the most common method used to gain access to an organization's system for any reason. This article continues to discuss key findings from Coalition's 2023 Cyber Claims Report.