Third-Party cyber risks fuel rising insurance claims,financial losses

Joy Agwunobi

The increasing reliance on interconnected systems and software vendors has fueled a surge in cyber insurance claims, with third-party risk emerging as a significant driver of financial losses in 2024.

According to a new report by Resilience, third-party cyber risks including ransomware attacks and vendor outages—now account for nearly a third of all cyber insurance claims, marking a shift in the global cybersecurity landscape.

The data reveals that 31 per cent  of all cyber insurance claims in 2024 were linked to third-party vulnerabilities,which marks an  increase from previous years. More concerning is that such risks led to incurred financial losses for the first time, making up 23 per cent  of total claims, compared to 0 per cent  in 2023.

Ransomware remains the leading cause of cyber-related financial losses, with 61 per cent  of incurred claims tied to ransomware incidents. While 43 per cent  of these cases involved direct attacks on businesses, 18 per cent stemmed from breaches targeting software vendors. The growing trend of cybercriminals infiltrating service providers has significantly expanded the scale and impact of these attacks, affecting multiple organisations at once.

Another rising concern is transfer fraud, where criminals manipulate businesses into wiring funds to fraudulent accounts. According to the report,this form of cybercrime accounted for 18 per cent  of incurred claims in 2024, an increase from 14 per cent  in the previous year. Attackers often exploit weak authentication measures and social engineering tactics to deceive employees into executing unauthorised transactions.

Transportation, manufacturing, and healthcare have reported the highest frequency of cyber insurance claims due to their reliance on legacy systems and the high cost of operational disruptions with healthcare and finance sectors facing stringent regulatory requirements, recorded the most reported claims, reflecting increased scrutiny and reporting obligations.

For businesses in these industries, vendor-related cyber incidents can lead to operational shutdowns, supply chain disruptions, and exposure of sensitive data. The financial and reputational damage from such breaches often extends far beyond immediate recovery efforts.

While phishing was once a primary cybersecurity concern, its role in financial losses has significantly declined. The report notes that phishing-related claims dropped to 9 per cent  in 2024, down from 20 per cent  in 2023. This decline suggests that improved security awareness and stricter authentication protocols have helped curb phishing threats. However, this progress does little to offset the growing impact of third-party risks, which have now become a more pressing issue for businesses.

Vishaal Hariprasad, co-founder and CEO of Resilience, emphasised that businesses must reassess their cybersecurity strategies to address shared vulnerabilities. “Third-party risk is not  only making headlines—it’s driving unprecedented losses. Enterprises must recognise that their security is only as strong as their weakest partner,” he warned.

Jeremy Gittler, global head of claims at Resilience, acknowledged that while businesses are making efforts to mitigate cyber risks, the evolving nature of threats demands a more comprehensive approach. “Companies are becoming more proactive in preventing financial fallout from cyber threats. However, the interconnected nature of modern business means shared risk must be a key focus in cybersecurity strategies,” he noted.

With the increasing number of third-party cyber incidents underscores a harsh reality: businesses are no longer just responsible for securing their own networks but must also safeguard the entire digital ecosystem they depend on.