Threat actors leverage cybersecurity gaps from M&A – new report

Reliance on software vendors brings new vulnerabilities

Threat actors have evolved their tactics in 2024 to exploit business and technology consolidation.

According to Resilience's mid-year 2024 cyber risk report, the surge in mergers and acquisitions (M&A) and the increasing reliance on major software vendors have provided new opportunities for threat actors.

The report draws on data from Resilience's threat intelligence team and insurance claims portfolio to analyze trends in hacking activity and industry responses. Key findings include:

  • Ransomware has remained the leading cause of loss since January 2023, with 64% of ransomware-related claims resulting in a loss. The financial severity of claims related to ransomware attacks increased 411% from 2022 to 2023.
  • Ransomware attacks on Change Healthcare and CDK Global, as well as the PanOS zero-day vulnerability, represented 2024’s top claim-driving events so far.
  • Of all claims received since January 2023, 35% were due to vendor data breaches or ransom attacks exploiting a third-party vendor. This includes notable vulnerabilities associated with Ivanti software. In 2024, that number is already 40% and expected to grow.
  • The BlackCat hacking group—responsible for the Change Healthcare cyber incident—entered 2024 with an existing track record: in 2023, the group topped the list of most costly attacks, with BlackCat attacks accounting for 18% of covered losses from ransomware.
  • Two sectors saw the largest increases in claims in 2024: manufacturing and construction. Manufacturing rose from 15.2% of all claims in 2023 to 41.7% of all claims in 2024, while construction rose from 6.1% of 2023 claims to 25.0% of 2024 claims.

The report also noted that global M&A deal volume grew 36% in the first quarter of 2024. The interconnected nature of modern business systems and the acquisition of new companies have only amplified the impact of these cyberattacks.

Similarly, the consolidation of technology, where industries rely on single suppliers for critical services, can lead to catastrophic consequences if a breach occurs. Impacted organizations typically face business interruption and lost revenue in addition to potential ransom payments.

“Major attacks like the ones on Change Healthcare, CDK Global, and AT&T have been wreaking havoc and making headlines, but they also remind us that we’re facing a new status quo. Increased vendor interdependence and M&A activity have created an unprecedented opportunity for hackers, with far more points of failure and potential for human error,” said Vishaal “V8” Hariprasad, co-founder and CEO of Resilience.

Resilience's global head of claims, Tom Egglestone, stressed that cybersecurity can no longer be treated as a mere budget item. Instead, he highlighted a risk-centric approach, one in which security strategies are aligned with the financial implications of cyber threats.
