Third-party risk driving cyber insurance claims

Third-party risk emerged as a “dominant” driver of cyber insurance claims and material losses in 2024, according to data from Resilience Cyber Insurance Solutions Inc. 

While ransomware remained the top cause of loss in 2024 as 43% of incurred claims involved first-party ransomware incidents, another 18% of incurred claims involved ransomware attacks targeting vendors, according to the cyber insurer. 

Together, the ransomware exposure accounted for 61% of all claims with losses, according to Resilience data. 

The transportation, manufacturing and health care sectors led in incurred claim frequency, “potentially due to their reliance on often outdated operational technology and high downtime costs,” Resilience said. 

Transfer fraud incidents also increased, rising from 14% of incurred claims by frequency in 2023 to 18% in 2024. 

Meanwhile, phishing attacks became less common. In 2024, phishing led to just 9% of incurred claims, a “significant” drop from 2023, during which it led to 20% of incurred claims, Resilience said. 

“Third-party risk isn’t only making headlines, it’s driving unprecedented losses,” Vishaal Hariprasad, co-founder and CEO of Resilience, said in a statement. “Businesses can no longer afford to consider their partners’ vulnerabilities as siloed from their own.”