CeFPro Connect

Article
Third-Party Cyber Risks Drive Surge in Insurance Claims, Report Finds
Third-party cyber risks are now a leading cause of insurance claims, with a Resilience report finding they accounted for 31% of client claims and nearly a quarter of material losses in 2024. Ransomware attacks on vendors proved to be the most damaging, contributing to 42% of third-party claims and 62% of total incurred losses. As businesses and insurers adjust their strategies, the findings underscore the need for stronger vendor risk management and proactive cybersecurity measures.
Mar 10, 2025
Tags: Industry News Vendor and Third Party Risk Insurance
Third-Party Cyber Risks Drive Surge in Insurance Claims, Report Finds
The views and opinions expressed in this content are those of the thought leader as an individual and are not attributed to CeFPro or any other organization
  • Third-party cyber risks accounted for 31% of insurance claims and 23% of material losses in 2024.
  • Ransomware attacks on vendors were the most significant source of third-party financial loss.
  • Every third-party insurance claim resulted in an incurred loss, showing the severity of the risk.
  • Ransomware accounted for 62% of all losses, targeting supply chains and legacy systems.

Newsletter - in-text

Third-party cyber risks have become a dominant factor in insurance claims in 2024, highlighting the growing vulnerabilities created by interconnected business ecosystems.

A new report from cyber risk management firm Resilience reveals that third-party risks accounted for 31% of client insurance claims and nearly a quarter of material losses last year.

The findings underscore an industry-wide tipping point, with ransomware attacks on vendors emerging as the most significant source of financial loss.

According to Resilience CEO Vishaal Hariprasad, businesses can no longer afford to view their partners' vulnerabilities as separate from their own. The report emphasizes that these risks are often invisible until damage has already occurred, making proactive risk management essential.

The increasing reliance on outside vendors has exposed organizations to new threats, with ransomware attacks accounting for 42% of all third-party-related claims.

Notably, every third-party claim resulted in an incurred loss, underscoring the severity of the issue. Additionally, some losses from 2024, such as the widespread business disruption caused by the CrowdStrike outage, have yet to be fully realized.

Ransomware maintained its position as the top cyber threat, responsible for 43% of first-party incidents and 18% of total incurred claims from third-party vendors.

Cybercriminals continue to exploit weak links in supply chains, making vendor-based ransomware attacks a lucrative strategy. In total, ransomware was linked to 62% of all incurred losses, reflecting the scale of its impact across industries. 

Legacy systems, critical infrastructure vulnerabilities, and supply chain weaknesses were major contributing factors to these incidents, with sectors like healthcare and manufacturing proving particularly susceptible due to their reliance on outdated technology and the severe consequences of operational downtime.

In response to the rising threat landscape, businesses are refining their vendor selection processes, while insurance providers adjust their policies to account for the growing financial risks.

The shift highlights a fundamental change in how cyber risk is perceived, with organizations increasingly recognizing that their security is only as strong as that of their partners. 

Regulatory scrutiny is also expected to increase as authorities seek to address the systemic risks posed by supply chain vulnerabilities.

The findings reinforce the urgent need for companies to adopt a more comprehensive approach to cyber risk management.

Much like the corporate world has seen reversals on commitments in other industries – such as BP scaling back its climate targets – cybersecurity strategies must evolve in response to changing conditions.

Sign in to view comments