Introducing the 2023 Coalition Cyber Threat Index
Five years ago, my journey with scanning the internet began.
After joining forces with Coalition and integrating our data into the company's underwriting and risk selection process, I decided to make it my goal to improve cyber insurance underwriting using internet-scanning technology. But, as digital risks continued to evolve, so did our understanding of a company's risk — and their willingness to make better risk mitigation decisions.
Helping our customers has always been a top priority, so it was a no-brainer to share our scanning data with them. Today, we have more mid-market customers than ever. Many of them have a wide breadth of assets and technologies that they use, but still limited resources to patch vulnerabilities and defend against attackers.
To that end, I'm excited to take the next step in my journey to provide our customers — and for the first time, our industry peers and security leaders — with a clear picture of the cyber risk landscape.
Our first-ever Coalition Cyber Threat Index coalesces our entire internet scanning dataset to provide a holistic view of the risks and security trends organizations have faced throughout 2022 and those they must be mindful of in 2023.
Why internet scanning is critical for risk selection
While this may seem counterintuitive, cyber insurance companies aren’t in the business of underwriting secure companies — they're in the business of writing companies that don't have claims.
Eradicating risk at scale is, unfortunately, an unsolvable goal. Why? Because cyber is constantly changing. Threat actors change attack tactics, new vulnerabilities are discovered, and the pace of technology marches forward.
Coalition uses all of its capabilities, which include proprietary claims data, internet scanning, and threat intelligence data, to create a granular and accurate view of the risk it covers. This method for underwriting leads to high-quality results on loss ratio and gross written premium (GWP) growth.
Vulnerabilities will grow, making management essential
Vulnerabilities will only proliferate The good news: not all of them will materially impact your organization. Risk management is a skill that will become extremely important for everyone in the cyber insurance chain as we tackle a growing number of threats with limited resources.
Key findings from Coalition’s Cyber Threat Index include:
The number of vulnerabilities will increase by 13% from 2022 to 2023, and we predict 1,900 new vulnerabilities
Threat actors still commonly scan and exploit insecure technologies to gain unauthorized access
94% of organizations scanned in the last year have at least one unencrypted service exposed to the internet
Organizations should prioritize patching and follow regular upgrade cycles
We produced the Cyber Threat Index to give organizations a comprehensive view of the cyber threat landscape, including vulnerability trends broken down by industry and threat actor behaviors that span over 22,000 events and multiple geo-distributed IP addresses.
By understanding the full scope of vulnerabilities, and not all pose an immediate risk, organizations can make effective decisions to mitigate the vulnerabilities that pose the greatest threat to their operations.
Deepen your knowledge of the cyber landscape
Scanning and correlating data across 5.2 billion IP addresses — a number that comprises the entire IPv4 address space and relevant IPv6 addresses — is no easy task.
Yes, Coalition is an insurance company, but we are also a really good security company. Our deep knowledge of internet scanning and honeypots allows us to cut through the noise surrounding vulnerabilities and determine if something is critical for organizations to address, or if it may be overblown.
With the 2023 Coalition Cyber Threat Index we are providing these insights for 2022 back to customers and the industry for free.