Introduction
In 2024 [1] [2] [3] [4] [5] [6] [7] [8] [9], the cyber insurance landscape experienced significant changes, primarily driven by the rise of third-party cyber risks and ransomware incidents. These developments underscore the increasing importance of addressing vendor-related vulnerabilities and adapting to evolving cyber threats.
Description
In 2024 [1] [2] [3] [4] [5] [6] [7] [8] [9], third-party cyber risk emerged as a significant contributor to the cyber insurance landscape, accounting for 31% of all client claims and representing nearly a quarter (23%) of incurred losses, a notable increase from zero in 2023 [1] [9]. This shift underscores the growing impact of vendor-related vulnerabilities [3], as a single point of failure in one organization can lead to widespread disruptions across partners [1]. High-profile breaches involving companies such as CDK Global, PowerSchool [1] [3] [7] [8], and Change Healthcare exemplify this interconnectedness [3], highlighting the critical need for businesses to recognize and address the vulnerabilities of their partners to effectively mitigate material losses.
Ransomware incidents played a major role in these losses [5], with first-party ransomware accounting for 43% of incurred claims and vendor-targeted attacks contributing to 18%, totaling 61% of all claims related to ransomware [1] [3]. The frequency of ransomware incidents increased four-fold compared to the previous year, emphasizing the escalating threat posed by these attacks. The healthcare and finance sectors reported the most claims [9], influenced by stringent regulatory requirements [1] [9], while the transportation and manufacturing sectors experienced higher frequencies of claims due to their reliance on outdated operational technology and the substantial costs associated with downtime [4].
In contrast [4] [9], phishing incidents saw a notable decline, accounting for only 9% of claims in 2024 [4] [9], down from 20% in the previous year [4]. Additionally, transfer fraud rose from 14% of incurred claims in 2023 to 18% in 2024 [4] [9], reflecting the evolving landscape of cyber threats.
Despite these alarming statistics, there are indications that the frequency of ransomware attacks may be declining in broader markets [2], as threat actors appear to be increasingly targeting larger [2], high-profile organizations for bigger payouts [2]. This trend emphasizes the critical need for businesses to manage not only their own cybersecurity but also that of their partners and vendors to mitigate financial losses and prevent cascading disruptions [9]. In response to these evolving threats [6], businesses are implementing stricter vendor selection processes and enhanced monitoring [6], while insurance companies are adjusting their underwriting practices to better address these risks [6].
Conclusion
The evolving cyber threat landscape in 2024 highlights the critical need for businesses to enhance their cybersecurity measures, particularly in managing third-party risks and ransomware threats. By implementing stricter vendor selection processes and improving monitoring [6], organizations can better protect themselves and their partners. Insurance companies are also adapting their practices to address these challenges, ensuring that both businesses and insurers are better prepared for future cyber threats.
References
[1] https://www.carriermanagement.com/news/2025/02/27/272312.htm
[2] https://www.infosecurity-magazine.com/news/third-party-financial-losses/
[3] https://www.prnewswire.com/news-releases/cybersecuritys-biggest-blind-spot-third-party-risk-new-resilience-analysis-finds-302386804.html
[4] https://www.businessinsurance.com/third-party-risk-driving-cyber-insurance-claims-resilience/
[5] https://betanews.com/2025/02/27/third-party-risk-is-biggest-cybersecurity-blind-spot/
[6] https://cyberresilience.com/threatonomics/2024-cyber-risk-year-in-review/
[7] https://www.insurancejournal.com/news/national/2025/02/28/813641.htm
[8] https://cirmagazine.com/cir/c2025022802.php
[9] https://www.reinsurancene.ws/third-party-risk-emerges-as-key-driver-of-cyber-insurance-claims-losses-in-2024-resilience/
