New Data Finds Phishing Attacks Could Impact 82% of the Largest Insurance Carriers

Black Kite’s Cyber Insurance Risk Report Examines Rising Cyber Risk Levels Among Top 99 Insurance Companies

BOSTON–(BUSINESS WIRE)–Black Kite, the leader in third-party cyber risk intelligence, today released A Fight for Coverage: Cyber Insurance Risk in 2022, a report that examines rising cyber risk concerns and ransomware susceptibility in the insurance sector. The most notable takeaway: nearly 20% of the top 99 insurance carriers have a high susceptibility to ransomware.

“The cyber insurance landscape has never been more volatile. Digital supply chains are quickly expanding – putting companies at greater risk for third-party data breaches and ransomware attacks,” said Bob Maley, CSO of Black Kite. “Protecting your business requires thoroughly assessing and continuously monitoring the cyber health of your digital network.”

Software supply chain attacks have increased sharply – up 300% in 2022 since 2021. Forrester predicts 60% of security incidents in 2022 will result from third-party incidents. In the insurance market, third-party vendors rarely meet the insurance requirements established by the companies that hire them.

Black Kite Research analyzed the top 99 insurance companies by net premiums written to better understand their cyber posture and the impact of increasing risk levels. Key findings include:

More than half of the largest insurance carriers are 3x more likely to experience a cyber breach than those with ‘A’ ratings.

1 in 5 carriers are above the critical ransomware threshold of a 0.6 rating, indicating a high level of ransomware susceptibility.

82% of insurance companies analyzed are susceptible to a phishing attack.

Software vendors are the most common source of supply chain attacks, accounting for 25% of all third-party incidents in 2021.

The largest ransom paid by an organization to date was by an insurance company in 2021, totaling just under $40 million. A ripple effect caused higher insurance premiums, reputational damage, and business interruptions. As a result, 100% of underwriters now rank ransomware and supply chain attacks among their top three threats.

“Eighty-five percent of underwriters believe companies should focus on strengthening their cyber security,” said Jeffrey Wheatman, former Gartner analyst and Black Kite’s new Senior Vice President and Cyber Risk Evangelist (SVP CRE). “Insurers are consistently blindsided with risk events that form deep in their digital supply chains. Black Kite’s latest research is a proof point that action needs to be taken to assess third-party risk and plan accordingly.”

Black Kite provides third-party risk intelligence from a technical, financial, and compliance perspective to eliminate false positives and ensure a holistic approach to vendor risk management. In addition to A Fight for Coverage: Cyber Insurance Risk in 2022, Black Kite issues an annual Third-Party Breach Report as well as risk assessment reports on the automotive manufacturing, energy, and federal sectors.

To learn more about Black Kite, visit

About Black Kite

One in four organizations suffered from a cyber attack in the last year, resulting in production, reputation and financial losses. The real problem is adversaries attack companies via third parties, island-hopping their way into target organizations. At Black Kite, we’re redefining vendor risk management with the world’s first global third-party cyber risk monitoring platform, built from a hacker’s perspective.

With 350+ customers across the globe and counting, we’re committed to improving the health and safety of the entire planet’s cyber ecosystem with the industry’s most accurate and comprehensive cyber intelligence. While other security ratings service (SRS) providers try to narrow the scope, Black Kite provides the only standards-based cyber risk assessments that analyze your supply chain’s cybersecurity posture from three critical dimensions: technical, financial and compliance.


Kerry Quintiliani

Corporate Ink for Black Kite