Why more M&A means more cyberattacks

Cybercriminals are using increased mergers and acquisitions (M&A) activity in the first half of 2024 to exploit security gaps and intensify cyberattacks, according to a new report from cyber insurance provider Resilience.

“Increasing merger and acquisition (M&A) activity, coupled with reliance on ubiquitous software vendors, created new opportunities for threat actors to unleash widespread ransomware campaigns — all by taking advantage of heightened third-party risk and deep industry interdependency,” says Resilience’s Midyear 2024 Cyber Risk Report, released Monday.

“Rebounding M&A activity and increasing technology consolidation — in which industries rely on single suppliers for critical platform services — both created a staggering number of potential new points of failure for hackers to exploit.”

In fact, some of the past year’s most devastating cyber incidents involved heavily interconnected systems of recently acquired companies, Resilience says in the report. “Two of the top three events are the result of ransomware attacks directly on clients or on the vendors of clients.”

One high-profile cyber incident was the CDK Global attack, an Illinois-based company that provides software for several auto dealers across Canada and the U.S.

And the CrowdStrike outage in July, while not the result of a cyberattack, affected millions of Microsoft devices. It serves as a “stark reminder of the fragility and risk in the technology ecosystem,” Resilience says. Global insured losses from that software update error could be in the range of US$300 million and US$1 billion, reinsurance broker Guy Carpenter estimated at the time.

Vendor-driven claims are the fastest-growing area of claims in Resilience’s portfolio, and are now the fastest-growing cause of loss for claims overall in the cyber MGA’s portfolio. Thirty-five per cent of claims originated in a vendor failure in 2023 (from less than 20% in 2022); this year, that number is already 40% and expected to grow.

“No matter how effectively a company defends its own digital environment, businesses are interconnected and interdependent on the cyber resilience of others,” the MGA says.

As always, ransomware is driving heavy losses. It remains Resilience’s leading cause of loss since January 2023, with 64% of ransomware-related claims resulting in a covered loss. Almost half (48%) of Resilience’s claims in 2023 were related to ransomware, and the severity of loss for ransomware claims has increased 411% between 2022 and 2023.

In general, the frequency of attacks for Resilience picked up slightly in the first half of 2024, with a 2.2% increase in total claims from the first half of 2023 versus 2024.

Feature image by iStock.com/Sashkinw