Listen to this Post
In 2024, while ransomware remained the most costly form of cyberattack, financial fraud claims, especially those linked to third-party breaches, skyrocketed. As businesses become increasingly interconnected, the risks associated with third-party security lapses are more pronounced than ever. A new report from cyber-insurance firm At-Bay reveals that financial fraud, often stemming from phishing attacks, has surpassed ransomware in frequency. At the same time, breaches involving third-party vendors have emerged as a major threat, driving up costs and exposing businesses to significant risks.
The rise of third-party risks highlights the importance of robust cybersecurity strategies and greater collaboration between companies and their insurers. This article takes a closer look at the trends emerging from the latest cyber-insurance data and the implications for businesses aiming to manage cyber risks more effectively.
Financial Fraud and Third-Party Breaches: The Numbers Speak for Themselves
At-Bay’s 2025 InsurSec Report reveals a significant uptick in cyber-insurance claims, particularly those related to financial fraud. While the total cost per incident has decreased—falling to $166,000 in 2024 from $213,000 in 2021—the number of claims has steadily increased, with a 16% rise in 2024 alone. Financial fraud claims, often resulting from phishing attacks, are now more prevalent than ransomware claims, though ransomware still remains the most costly type of cyberattack.
An alarming trend is the growing number of “indirect” ransomware attacks. These occur when businesses are exposed to ransomware through a third-party breach. According to Adam Tyra, CISO for At-Bay’s clients, attackers gain critical information from breaches at third-party vendors, allowing them to craft more convincing phishing schemes or manipulate email chains. This enables attackers to target companies with fraudulent invoices or malicious requests, causing financial damage without any direct fault on the part of the victimized company.
Data also shows that breaches involving third parties have seen a substantial rise in costs. While direct ransomware attacks averaged $468,000 per incident in 2024, breaches involving third-party vendors resulted in an average claim of $241,000—a 72% increase from the previous year. The trend underscores the critical role of third-party risk management in today’s cybersecurity landscape.
What Undercode Says: Understanding the Rising Threat of Third-Party Breaches
The increasing prevalence of third-party breaches is a game-changer for businesses and insurers alike. As companies increasingly rely on external vendors, contractors, and partners, the vulnerability of these third parties has become a major weak point in the overall security posture. In fact, third-party vulnerabilities accounted for 31% of cyber-related claims at rival insurance firm Resilience Cyber Insurance Solutions in 2024. This growing trend highlights the interconnected nature of today’s business ecosystem, where the risks faced by one company can have far-reaching implications for others in the supply chain.
What stands out is the fact that many organizations are still not adequately addressing third-party risks. The cybersecurity of external vendors, contractors, and service providers is often overlooked, despite the fact that their security failures can directly impact a company’s operations. This highlights the need for a more comprehensive approach to cyber hygiene that extends beyond a company’s internal systems to encompass the security measures of all its partners.
One notable insight from the report is the suggestion that companies should consider cyber-insurance providers as partners in cybersecurity risk management. Insurers are increasingly playing an advisory role, helping businesses assess and mitigate risks in ways they hadn’t previously considered. In the face of rising threats and diminishing government support, the role of insurers as trusted advisors becomes even more crucial. Companies that leverage data from their insurers to inform their cybersecurity strategies can better prioritize investments in tools like endpoint detection and response (EDR) systems, as well as strengthen their monitoring and response capabilities.
Furthermore, the surge in financial fraud claims linked to third-party breaches underlines the importance of training and awareness within organizations. Employees need to be better equipped to identify and respond to phishing attacks, which continue to be a common method for cybercriminals to exploit third-party vulnerabilities.
Fact Checker Results
- The rise in claims due to third-party breaches is a growing concern for both insurers and businesses.
- Financial fraud, primarily caused by phishing attacks, continues to be a frequent and costly cyber incident.
- Cyber-insurance providers are increasingly taking on an advisory role, helping businesses navigate the complex landscape of third-party risks.
References:
Reported By: www.darkreading.com
Extra Source Hub:
https://www.quora.com/topic/Technology
Wikipedia
Undercode AI
Image Source:
Pexels
Undercode AI DI v2





