Black Kite, a leader in third-party cyber risk intelligence, released A Fight for Coverage: Cyber Insurance Risk in 2022, a report that examines rising cyber risk concerns and ransomware susceptibility in the insurance sector. The most notable takeaway: nearly 20% of the top 99 insurance carriers have a high susceptibility to ransomware.
“The cyber insurance landscape has never been more volatile. Digital supply chains are quickly expanding – putting companies at greater risk for third-party data breaches and ransomware attacks,” said Bob Maley, CSO of Black Kite. “Protecting your business requires thoroughly assessing and continuously monitoring the cyber health of your digital network.”
Software supply chain attacks have increased sharply – up 300% in 2022 since 2021. Forrester predicts 60% of security incidents in 2022 will result from third-party incidents. In the insurance market, third-party vendors rarely meet the insurance requirements established by the companies that hire them.
Black Kite Research analyzed the top 99 insurance companies by net premiums written to better understand their cyber posture and the impact of increasing risk levels. Key findings include:
- More than half of the largest insurance carriers are 3x more likely to experience a cyber breach than those with ‘A’ ratings.
- 1 in 5 carriers are above the critical ransomware threshold of a 0.6 rating, indicating a high level of ransomware susceptibility.
- 82% of insurance companies analyzed are susceptible to a phishing attack.
- Software vendors are the most common source of supply chain attacks, accounting for 25% of all third-party incidents in 2021.
The largest ransom paid by an organization to date was by an insurance company in 2021, totaling just under $40 million. A ripple effect caused higher insurance premiums, reputational damage, and business interruptions. As a result, 100% of underwriters now rank ransomware and supply chain attacks among their top three threats.
“Eighty-five percent of underwriters believe companies should focus on strengthening their cyber security,” said Jeffrey Wheatman, former Gartner analyst and Black Kite’s new Senior Vice President and Cyber Risk Evangelist (SVP CRE). “Insurers are consistently blindsided with risk events that form deep in their digital supply chains. Black Kite’s latest research is a proof point that action needs to be taken to assess third-party risk and plan accordingly.”
Black Kite provides third-party risk intelligence from a technical, financial, and compliance perspective to eliminate false positives and ensure a holistic approach to vendor risk management. In addition to A Fight for Coverage: Cyber Insurance Risk in 2022, Black Kite issues an annual Third-Party Breach Report as well as risk assessment reports on the automotive manufacturing, energy, and federal sectors.
To learn more about Black Kite, visit https://blackkite.com/