Third-party attacks emerged as a significant driver of material financial losses from cyber incidents in 2024, according to cyber risk management firm Resilience.

Third-party risks made up 31% of all client insurance claims and 23% of material losses last year. This marks a significant change from 2023, when no third-party claims led to material losses for Resilience clients.

“This shift underscores the growing vulnerabilities created by interconnected systems and reliance on external vendors in 2023,” the firm wrote in a report dated February 27.

Ransomware the Biggest Cause of Losses

Ransomware attacks targeting vendors made up 42% of the third-party claims, with losses from these incidents rising four-fold compared to 2023. The attack on automotive software firm CDK, which impacted thousands of car dealerships across the US and Canada, is an example of a ransomware attack on a vendor that financially impacts customers.

Vendor security failings, including the CrowdStrike global outage in July 2024, made up 4% of all material claims. Not all the claims arising from this incident have been fully developed, Resilience noted.

The company said that this trend is driving insurance companies to adjust their underwriting practices regarding third-party risk.

Overall, ransomware held its position as the top cause of material losses for businesses from 2023 to 2024. First-party ransomware incidents made up 44% of client ‘s material claims, while ransomware targeting vendors contributed to 18% of such claims.

Altogether, 62% of claims with losses were related to ransomware.

Despite these figures, the researchers noted that there are indications that ransomware frequency may be declining in broader markets.

“This is likely due to threat actors focusing on larger, high-profile organizations that yield bigger payouts, as opposed to the previous “spray and prey” approach,” they said.

Phishing Claims Fall Significantly

Phishing-related cyber incidents made up 9% of incurred claims in 2024, representing a 55% fall compared to 2023.

The researchers believe this trend is a reflection of improvements in phishing defenses and the shift towards third-party attacks.

There was a marked increase in transfer fraud claims, making up 18% of claims in 2024 compared to 14% in 2023.

Transfer fraud is where a scammer tricks a person into transferring them money using psychological manipulation. Resilience said it has observed scammers’ use of AI to scale such social engineering campaigns, resulting in increased susceptibility and higher success rates.

“As transfer fraud continues to grow, organizations must strengthen internal controls, educate employees on fraud prevention, and implement more robust verification processes for financial transactions,” the firm commented.