Using end-of-life software ‘increases risk of cyber claim’

Companies that continue to use software after support has been withdrawn by the developer are three times more likely to make a cyber claim, Coalition says

Companies who continue to use end-of-life software after their developers withdraw support for them are three times more likely to make a cyber claim, according to new research from cyber insurtech Coalition.

The latest edition of Coalition’s Cyber Claims Report also shows that policyholders who have just a single unresolved critical vulnerability are 33% more likely to experience a cyber claim, with human error or inaction being listed as the most exploited attack vector.

Phishing accounted for 76% of reported incidents, more than six times greater than the next most popular attack technique. Overall, phishing-related claims have increased by almost 30% since the beginning of 2022. This coincided with a 54% reduction in the frequency of ransomware attacks from 2021 to 2022, and a 17% decrease in the frequency of all claims over the same period.

The research appears to suggest that growing awareness of cybersecurity issues is making it harder for cyber criminals to find a route to attack – but that oft-overlooked vulnerabilities, like expired software, continue to leave the door open for attackers.

‘2FA would have stopped majority of phishing attacks’

Catherine Lyle, Coalition’s Head of Claims, says: “Threat actors are forever looking for targets with weak security controls or unprotected infrastructures; these are the paths of least resistance into a company’s network. Unfortunately, that’s why human inaction, such as not patching a publicised critical vulnerability or updating out-of-date software, is a high risk factor for a cyber incident or cyber claim.

Lyle says that there is a simple security measure that companies can introduce to make it harder for scammers to gain access to a network.

“Setting up multi-factor authentication is one of the best ways to prevent attackers from getting into an organisation’s network because it provides the person protection even when security is not top of mind. For the majority of Coalition’s phishing-related cases, multi-factor authentication would have stopped access and prevented a claim.”

Founded in 2017 by John Herring and Joshua Motta, Coalition offers so-called ‘active insurance’ that monitors businesses for security weaknesses and encourages clients to take a proactive approach to their cybersecurity setup. The company has raised over US$600mn since the beginning of 2021 and announced big-name partnerships with the likes of Allianz, Bluevine and Armorblox.


Featured Articles

Milliman Arius: Reserve Analysis with an End-to-End Solution

Insurers face risks and errors with current reserve analysis methods – and Arius provides the answer

Allstate: BCG Partner Harnesses Gen AI to Transform CX

Allstate and BCG are harnessing Gen AI via a new model to better understand customer needs and improve overall experiences within the insurance sector

Comarch Diagnostic Point: Next Gen European Health Insurance

Healthtech provider Comarch introduces Comarch Diagnostic Point, set to improve health insurance across European markets

MoneyLIVE Summit 2024: Qover Talks Embedded Insurance


Ansel raises US$20m to combat financial healthcare barriers

Partner Ecosystems

Hastings Direct: Levelling up with Snowflake