Business and tech consolidation opens doors for cybercriminals

Cyber threats continued to intensify in the first half of 2024 as cybercriminals exploited security gaps from growing business and technological consolidation, according to Resilience.

Consolidation in business and tech fuels new third-party risks

Rebounding merger and acquisition (M&A) activity and increasing technology consolidation—in which industries rely on single suppliers for critical platform services—both created a staggering number of potential new points of failure for hackers to exploit.

Global M&A deal volume increased 36% in the first quarter of 2024. While this growth can be seen as a sign of positive economic development, it can also create a staggering number of potential new points of failure.

Similarly, technology consolidation—in which industries rely on single suppliers for critical platform services—have proven to lead to catastrophic effects downstream if a single supplier is breached. In addition to potential ransom payments, impacted organizations typically face significant business interruption and lost revenue.

High-profile cyber incidents like Change Healthcare and CDK Global illustrated that an attack on a heavily interconnected system can have devastating, long-lasting effects downstream —even to the point of putting an entire economic system on hold. The CrowdStrike outage in July 2024 was not itself the result of a cyberattack, but it serves as a stark reminder of the fragility and risk in the technology ecosystem.

The BlackCat hacking group—responsible for the Change Healthcare cyber incident—entered 2024 with an existing track record: in 2023, the group topped the list of most costly attacks, with BlackCat attacks accounting for 18% of covered losses from ransomware.

“Major attacks like the ones on Change Healthcare, CDK Global, and AT&T have been wreaking havoc and making headlines, but they also remind us that we’re facing a new status quo. Increased vendor interdependence and M&A activity have created an unprecedented opportunity for hackers, with far more points of failure and potential for human error,” said Vishaal Hariprasad, CEO of Resilience.

“Now more than ever, we need to rethink how the C-suite approaches cyber risk. Businesses are interconnected like never before, and their resilience now depends on that of their partners and others in the industry,” Hariprasad added.

Ransomware escalates losses, boosts recovery costs

Ransomware remained the leading cause of loss since January 2023, with 64% of ransomware-related claims resulting in a loss. The financial severity of claims related to ransomware attacks increased 411% from 2022 to 2023.

Some of the past year’s most devastating cyber incidents involved heavily interconnected systems or recently acquired companies. Vendor-driven claims are the fastest-growing area of claims and are now the fastest-growing cause of loss for claims overall. In 2023, 35% of claims originated in a vendor failure, and in 2024, that number is already 40% and expected to grow.

Of all claims received since January 2023, 35% were the result of a vendor data breach or ransom attack exploiting a third-party vendor—including notable vulnerabilities associated with Ivanti software—and in 2024 that number is already 40%, and expected to grow.

Two sectors saw the largest increases in claims in 2024: manufacturing and construction. Manufacturing rose from 15.2% of all claims in 2023 to 41.7% of all claims in 2024; while construction rose from 6.1% of 2023 claims to 25.0% of 2024 claims.

“While cybersecurity has historically been considered as a line item in a company’s budget, it’s clear that this is insufficient,” said Tom Egglestone, global head of claims at Resilience.

“Business leaders must adopt a risk-centric approach—one in which security strategies are grounded in the financial translation of cyber threats,” Egglestone concluded.