Kovrr's Top 9 Cyber Loss Scenarios: A Year In Review

January 8, 2025

TL;DR

  • In early 2024, Kovrr identified the cyber loss scenarios most likely to impact the market financially, listing events from data breaches to ransomware attacks and highlighting specific attack vectors that would be exploited. 
  • All of these loss scenarios materialized, underscoring the potential that data-driven forecasts can have in guiding effective cyber risk management and high-level strategic planning. 
  • UnitedHealth’s Change Healthcare unit experienced a major business interruption, derailing critical healthcare services and leading to billions in projected financial losses.
  • Not all cyber events are malicious in nature, and even faulty routine updates, like with CrowdStrike’s Falcon security software in July, can lead to significant losses if tailored incident response plans have not been established.
  • Other high-profile incidents this year, such as breaches at Okta and Snowflake, highlight the cascading effects of supply chain vulnerabilities. 
  • Business email compromise (BEC) scams and credential theft have proven particularly costly, even for large enterprises that have invested heavily in cybersecurity measures.  
  • While understanding these market-wide financial impacts is valuable for high-level discussions, tailored cyber risk quantification assessments are still essential, equipping leaders with the insights necessary to manage their organization’s specific financial exposure levels.

Analyzing the Cyber Risk Landscape in 2024

While each organization faces its own unique set of cyber risks that must be carefully assessed and managed in order to reach a state of resilience, certain events are nearly inevitable in today's threat environment, having the potential to create damaging ripple effects across the global market. Early in 2024, Kovrr's cyber risk quantification models identified these potential cyber incidents and loss scenarios most likely to impact organizations worldwide in the upcoming year.

Now, with 2024 over, it's possible to see how these anticipated scenarios played out in the real world and assess the influence they had on the broader cyber risk landscape. 

Cyber Risk Scenario 1: Data Breach

In April 2024, one of the most consequential data breaches to date occurred when the cyber attack group USDoD infiltrated background-check enterprise Jerico Pictures, operating as National Public Data, and compromised 2.9 billion data records pertaining to millions of individuals living in the USA, UK, and Canada. The stolen information contained, among other details, social security numbers, credit cards, home addresses, and names of deceased relatives.

The news finally went public four months later when plaintiff Christopher Hofmann filed a lawsuit against Jerico Pictures on behalf of himself and several other individuals, claiming that he received a notification that his identity had been swiped and demanding that Jerico purge all of the information relating to those who fell victim to the attack. Currently, there is no law in the United States preventing agencies like Jerico from scraping and selling this data at will. 

Other major data breaches this year occurred at:

  • Live Nation Entertainment: Ticketmaster’s parent company, Live Nation, filed a disclosure with the US SEC in May 2024, claiming to be investigating a data breach in which attackers had allegedly stolen the information of more than 560 million customers. 
  • Roku Incorporated: Streaming television company Roku suffered from a data breach in March 2024, with over half a million customers having their data compromised in the attack. Hackers gained access using a credential-stuffing technique.

Cyber Risk Scenario 2: Ransomware

As a consequence of the enormous Snowflake cyber attack, telecommunications giant AT&T fell victim to a ransomware incident in which it paid roughly $370 thousand in cryptocurrency to notorious attack group ShinyHunters to prevent stolen data from being leaked. The data supposedly included extensive call and text message records, which, although they did not include the names of the millions of customers affected, could have easily been linked back to them.

US-based online pharmacy and store Rite Aid also faced a cyber incident perpetrated by a ransomware gang in 2024. On the dark web, this gang claimed to have stolen 10 gigabytes of data that included extensive customer information. However, company spokespeople did not say whether the requested ransom had been paid. 

Panera Bread officials, although having been similarly quiet in the wake of their own ransomware incident in March, are rumored to have paid off their attackers. 

Cyber Risk Scenario 3: Business Interruption

Change Healthcare was forced to shut down operations in February 2024 after the parent company, UnitedHealth Group, was successfully infiltrated by the ransomware gang BlackCat. Change typically processes 1.25 billion medical transactions per month, serving 141 million patients and 67 thousand pharmacies. However, in the wake of the event, the majority of its customers were forced to complete these transactions manually, causing substantial resource waste and widespread disruption across the national healthcare sector. 

As of October 2024, UnitedHealth estimates that the costs of the Change Healthcare IT unit business interruption alone, due to the event, will reach $2.9 billion by the end of the year, making it one of the most expensive cyber incidents ever. Despite this setback, UnitedHealth’s revenue grew by $101 billion, demonstrating that the long-term consequences of a cyber incident may not be as catastrophic as they appear in the short term. 

Additional organizations that suffered business interruptions caused by cyber events in 2024 include:

  • MoneyGram: In September, after receiving several customer complaints, global digital payment organization MoneyGram announced that a cybersecurity incident had caused major network outages. Over 50 million people use MoneyGram annually. 
  • Duvel Brewery: Belgian brewery Duvel was forced to shut down production at four of its brew sites, three in Belgium and one in the USA, in March 2024 after falling victim to a ransomware attack. Thanks to robust incident alert protocols, however, executives were able to do so with minimal damage to revenue streams. 

Cyber Risk Scenario 4: Direct Financial Theft

While not all cyber events stem from profit-driven intentions, incidents involving direct theft are ones in which malicious actors clearly focus on monetary gains - and 2024 still saw plenty of these types of attacks.

  • Indodax: One of Indonesia’s largest cryptocurrency trading applications had $22 million stolen in early September 2024 due to a “security issue.” Although the Jakarta-based company promised to reimburse its affected customers, the incident has nevertheless dealt a material blow that will erode not only profits but also brand reputation. 
  • Johnson County Board of Education: A school district in northeastern Tennessee wired upwards of $3 million this year to an online fraudster claiming to be an associate with Pearson, a multinational educational company selling online courses, textbooks, and learning platforms. Fortunately, the US Secret Service recovered the majority of those funds.
  • Radiant Capital: The blockchain lending platform was hacked twice in 2024, the first time in January, during which it lost $4.5 million. Most recently, in October, Radiant was hit by a private key compromise that resulted in the loss of $58 million in user assets. While the investigation of the incident is still ongoing, Radiant officials believe that key holder employees were targeted in phishing scams. 

Cyber Risk Scenario 5: Phishing Incidents

One of the major phishing incidents of the year occurred in February at European retail giant Pepco Group. Soon after the attack, officials disclosed that they had lost approximately $16.5 million in cash and were not very optimistic about recovery. The spokesperson also underscored the attack’s “sophistication.” Although it took place before the EU’s NIS2 Directive went into effect, this is the type of significant incident that no doubt regulators expect to be disclosed.

The British postal service, Royal Mail, also found itself the subject of a phishing campaign, with cyber attackers delivering Prince ransomware to unsuspecting recipients. According to officials, the goal of the campaign seemed to be purely “destructive.” Other prominent corporations that were used as phishing campaign subjects include Microsoft, Google, and LinkedIn. Indeed, with the rise of generative AI, these types of attacks are only going to become more widespread and believable. 

Cyber Risk Scenario 6: Third-Party Service Provider Outage

The most infamous cyber event of 2024 was the result not of malicious intent but of third-party service provider CrowdStrike’s faulty software update, causing more than 8.5 million Microsoft Windows machines to crash. Airlines, banks, broadcasting corporations, and healthcare institutions, among other businesses, were rendered inoperative, resulting in the market loss of billions of dollars. Kovrr found that the total cost to the UK economy alone likely fell between $2.18 and $2.96 billion.

Many speculate that, while avoiding such an event is entirely unfeasible, the damage was so widespread due to a lack of business continuity planning for such a loss scenario. In the wake of the outage, there has been a resurgence of calls for businesses to leverage on-demand solutions such as cyber risk quantification to assess their unique susceptibility to systemic cyber risks, using this data-driven understanding to plan accordingly.

Cyber Risk Scenario 7: Third-Party Service Provider Data Breach

Identity and access management company Okta made headlines in late 2023 when it suffered from a massive data breach that affected virtually 100% of its customers, including global corporations such as FedEx, Zoom, and Hewlett-Packard. However, the company was breached yet again in April 2024, warning its clients in May that the security team observed "endpoints used to support CIC's cross-origin authentication feature...being attacked."

Around the same time, Snowflake, a cloud-based data storage vendor, also experienced a data breach that ended up impacting more than 100 of its clients, several of which were reported to have suffered multi-million dollar losses. These incidents, on top of the CrowdStrike outage, heavily underscore the cascading impact that supply chain cyber events can have on the global market, disrupting operations, eroding trust, and leading to significant financial fallout for dependent organizations.

Cyber Risk Scenario 8: Employee Credential Theft

Both the Okta and Snowflake third-party service provider breaches were a result of credential stuffing, an attack method in which malicious users amass account credentials leaked on the dark web from previous, unrelated data breaches and then use that information to gain access to different systems. It's a particularly effective strategy, considering the propensity of employees to reuse usernames and passwords across various applications.

This widespread habit of password reuse significantly raises market cyber risk levels, especially in sectors that are found to have high shares of compromised credentials, like the Services industry. According to Kovrr's research on compromised credentials, attackers will often exploit compromised credentials linked to internet-exposed assets, allowing them to bypass initial defenses. Although larger organizational breaches can cause more overall damage, smaller organizations, understandably, are more vulnerable due to fewer resources allocated to cybersecurity, making credential theft a prime entry point for large-scale breaches.

Other companies that fell victim to cyber events this year due to compromised credentials include:

  • Advance Auto Parts
  • Ticketmaster
  • Schneider Electric
  • General Motors
  • Levi’s

Cyber Risk Scenario 9: Business Email Compromise (BEC) Scams

This form of phishing is particularly insidious, as the scammer capitalizes on authority biases, impersonating high-level or otherwise influential employees in an attempt to persuade the unsuspecting victim into performing the desired action, such as transferring money or granting them access to a privileged system. Unfortunately, in August 2024, a non-executive employee at Orion, a Luxembourg-based carbon black supplier, was the object of such a scam.

The employee ended up wiring about $60 million to cyber criminals (roughly 3% of the company’s annual revenue), and despite operations not being disrupted at all, the company still disclosed the incident to the US SEC. While they ultimately did not determine the event to be “material,” the sheer scale of loss nevertheless demonstrates how a single successful BEC scam can have substantial financial repercussions, even in large organizations that typically have more robust cybersecurity programs.

The Criticality of Calculating the Costs of Cyber Event Loss Scenarios

Cyber events and the ways in which they play out vary widely, with threat actors leveraging different attack vectors to gain a foothold in an organization's systems to either exploit it for financial gain or to simply wreak havoc. At times, these incidents may not even be malicious in nature, as with the CrowdStrike outage, which was caused by an automatic update glitch rather than a deliberate attack. 

While understanding the broader market-wide costs is essential for strategic planning and higher-level discussions, CISOs and other cybersecurity leaders must, in order to achieve a state of resilience, assess their unique exposure to each of the specific loss scenarios. Tailored incident response and mitigation programs are crucial for managing such risks effectively and safeguarding the organization against unnecessary losses.

Calculating the Costs With Kovrr

Kovrr’s on-demand cyber risk quantification platform delivers the precise insights organizations need for this tailored resilience planning. With Kovrr’s CRQ solution, leaders gain a clear understanding of their specific incident exposures, enabling them to prepare effectively for potential financial impacts in the year ahead.

For more information about your company’s unique financial exposure, schedule a free demo with one of our experts today.

Hannah Yacknin-Dawson

Cybersecurity Marketing Writer
