Skip to main content
Risk Management

Cyber criminals cashing in big on ransomware, M&A

Ransomware attacks have gotten absurdly more expensive.
article cover

Erhui1979/Getty Images

less than 3 min read

News built for finance pros

CFO Brew helps finance pros navigate their roles with insights into risk management, compliance, and strategy through our newsletter, virtual events, and digital guides.

The financial consequences of cyberattacks keep on skyrocketing.

In a new report chock full of things for risk-minded business leaders to worry about, cyber insurer Resilience noted that nearly half (48%) of the claims it received in 2023 involved ransomware. A majority (64%) of ransomware claims resulted in a loss, and the financial toll of those claims “went up dramatically” by 411% (!) over the previous year, the firm noted.

But attackers’ ransom demands weren’t the reason these attacks were so costly. Under 10% of Resilience clients paid extortion fees. Instead, “increasing costs to recover from ransomware attacks” are to blame, according to the report.

Merge with care. As pesky as they are, cyber criminals deserve credit for their ingenuity. They’re always finding new and creative ways to wreak havoc on organizations.

Threat actors are cashing in on the recent uptick in M&A activity by targeting business and technology consolidation processes. “Industries rely on single suppliers for critical platform services,” which opens up “a staggering number of potential new points of failure for hackers to exploit,” according to the Resilience report, which also notes that some of this year’s biggest incidents so far involved integrated tech systems or recently acquired organizations.

In fact, Resilience found that “vendor-driven claims” are both the fastest-growing type of claims it’s seeing and the fastest-growing cause of loss for insureds. More than a third (35%) of claims last year stemmed from vendor failure, a number that’s up to 40% so far this year “and expected to grow.”

Show some respect. A Resilience expert urged organizations to give cybersecurity risk the respect it deserves.

“While cybersecurity has historically been considered as a line item in a company’s budget, it’s clear that this is insufficient,” Tom Egglestone, global head of claims at Resilience, said in the report. “Business leaders must adopt a risk-centric approach—one in which security strategies are grounded in the financial translation of cyber threats.”

This jibes with what a cyber expert told CFO Brew in May: Finance leaders aren’t “having productive conversations to guide priorities and investments in cybersecurity,” Paul Proctor, distinguished VP analyst at Gartner, said.

News built for finance pros

CFO Brew helps finance pros navigate their roles with insights into risk management, compliance, and strategy through our newsletter, virtual events, and digital guides.