
A new report shows that companies with even one unresolved vulnerability are more likely to experience a claim.

This week SiliconANGLE highlighted a new report by the cyber insurance startup Coalition showing that companies with even one unpatched critical vulnerability have a 33% higher likelihood of filing a claim. Coalition’s 2023 Cyber Claims Report also found that organizations that continued to use end-of-life software (products no longer supported by their original developers) were three times more likely to suffer from an incident.

The risk of human error

The report highlighted the risks arising from what the company calls “human inaction,” i.e. not patching software. It also found that simple human error is “a primary risk factor” among companies with cyber insurance.

For example, phishing accounted for 76% of reported incidents. This is when employees click on a link in an email that is designed to lure them into revealing personal information or security credentials. According to the report, such targeted attacks occurred more than six times as often as the next-most popular attack technique. And when it came to phishing, nearly all cyber insurance claims directly resulted from employees falling for such email tricks.

Phishing attacks on the rise

Indeed, among Coalition’s insured member companies, phishing-related claims increased by 29% from the beginning of 2022. Coalition further found that successful phishing frequently leads to funds transfer fraud or business email compromise events. In addition, the report notes that phishing was also the top way for hackers to access an organization’s system for any purpose.

Catherine Lyle, Coalition’s head of claims, commented to SiliconANGLE before the report’s official release: “Threat actors are forever looking for targets with weak security controls or unprotected infrastructures – these are the paths of least resistance into a company’s network”.

“Unfortunately, that’s why human inaction, such as not patching a publicized critical vulnerability or updating out-of-date software, is a high-risk factor for a cyber incident or cyber claim”, Lyle added.