Any data relating to a company on the dark web significantly increases that organization’s risk of suffering a cyberattack, according to a study by Marsh McLennan’s Cyber Risk Intelligence Center. 

Organizations that are mentioned in dark web market listings or tied to compromised accounts on the dark web are more than twice as likely to experience an attack, according to a report on the findings released Sept. 23. 

“Cybercriminals plan their attacks on dark web forums, marketplaces, and in hidden communication channels, and the study has quantified the risk of each of these areas of dark web exposure for the first time,” Ben Jones, CEO of dark web intelligence firm Searchlight Cyber, which collaborated with Marsh McLennan, said in a press release. 

Cybersecurity company Kaspersky Lab defines the dark web as “the hidden collective of internet sites only accessible by a specialized web browser.” 

“It is used for keeping internet activity anonymous and private, which can be helpful in both legal and illegal applications,” according to an article posted on the company’s website. “While some use it to evade government censorship, it has also been known to be utilized for highly illegal activity.” 

Cybercriminals use the dark web to communicate among one another, plan their attacks, and buy, sell, and build the tools they need to execute them, according to the Marsh McLennan report. 

The research found that dark web intelligence is “highly correlated” with forthcoming cyber incidents, as well as cyber insurance loss frequency. 

“The first step has to be to gain visibility into your exposure on the dark web,” the report said. “Understanding where the organization is vulnerable is critical for informing defense and the value of pre-attack intelligence is that it creates an invaluable window of time for the security team to act before the network is breached.” 

Marsh McLennan analyzed Searchlight’s dark web dataset against a sample of 9,410 organizations with an overall breach rate of 3.7% from 2020 to 2023 to determine whether there was a correlation between data breaches and findings on the dark web in the year before the incident. 

The first half of 2024 saw 1,571 data compromises, a 14% increase compared to the year-earlier period, according to an analysis by the Identity Theft Resource Center, a nonprofit organization established to support victims of identity crime. 

Nearly half (47%) of U.S. businesses have suffered significant revenue loss due to a data security incident, according to survey results published last month by data protection company Arcserve. 

“For those laser-focused on growing revenue and controlling costs, this revenue downside perspective should be a wake-up call,” said a report on the findings.