Analysis Finds That Factors Such as Dark Web Market Listings, Forum Posts, and Dark Web Traffic to an Organization Increase the Risk of a Cyber Insurance Claim
London & Washington D.C., 23 September 2024
Searchlight Cyber, the dark web intelligence company, today published the results of a study with the Marsh McLennan Cyber Risk Intelligence Center, which shows that the presence of any data relating to an organization on the dark web demonstrably increases its risk of a cyberattack. To coincide with the study, Searchlight has also launched a supporting Dark Web Risk Report, which is a free resource that organizations can use to view their dark web exposure and the corresponding risk, based on an analysis conducted by the Cyber Risk Intelligence Center.
The Center analyzed Searchlight’s dark web dataset against a sample of 9,410 organizations with an overall breach rate of 3.7 percent from 2020 to 2023 to determine whether there was a correlation between data breaches and findings on the dark web in the year before the incident. The study – The Correlation Between Dark Web Exposure and Cybersecurity Risk – found that all nine of Searchlight’s dark web intelligence sources are correlated to increased cybersecurity risk:
Intelligence Source |
Increased Likelihood of a Cyber Incident |
|
Compromised Users |
Compromised accounts on the dark web related to an organization. |
2.56x |
Dark Web Market Listings |
The mention of the organization or data related to the organization on a dark web market. |
2.41x |
Outgoing Dark Web Traffic |
Traffic originating from the organization’s network and connecting to the dark web. |
2.11x |
OSINT Results |
Assets related to an organization that have been identified on the dark web. |
2.05x |
Paste Results |
The mention of an organization or data related to an organization on plain-text repositories. |
1.88x |
Telegram Chats |
The mention of the organization or data related to the organization on Telegram. |
1.75x |
Incoming Dark Web Traffic |
Traffic originating from the dark web and connecting to an organization’s infrastructure. |
1.63x |
Forum Posts |
The mention of the organization or data related to the organization on a dark web forum. |
1.58x |
Dark Web Pages |
The mention of an organization or data related to an organization on a dark web site. |
1.29x |
The study also included a multi-variable analysis, which showed that combining multiple dark web sources provides a stronger indication of increased cyber risk. Paste Results, OSINT Results, and Dark Web Market Listings were found to be the most correlated to cyber insurance loss frequency in conjunction with other factors.
Ben Jones, Co-Founder and CEO of Searchlight Cyber commented: “The core finding of Marsh McLennan’s analysis is that any data related to your organization on the dark web is highly correlated with your chance of a cyberattack. Cybercriminals plan their attacks on dark web forums, marketplaces, and in hidden communication channels, and the study has quantified the risk of each of these areas of dark web exposure for the first time.
“If security teams can identify their exposure on the dark web they have a huge opportunity to proactively act, adjust their defenses, and effectively stop attacks before they are launched by cybercriminals. The first step is to gain visibility: to understand where the threat on the dark web is coming from, where the organization is being targeted, and continuously monitor to give themselves the best chance of identifying and stopping a cybersecurity incident.”
Following the study, Searchlight and the Marsh McLennan Cyber Risk Intelligence Center will collaborate to help organizations unlock the value of dark web intelligence in determining and mitigating the risks against their business.
Scott Stransky, Managing Director and Head of the Marsh McLennan Cyber Risk Intelligence Center, said:
“Historically the insurance industry has focused on data from within an organization, such as questionnaires, along with outside-in technographic scans for determining cybersecurity risk. While this data is extremely valuable, ignoring dark web factors external to the organization’s network leaves the industry with a blind spot around who could be targeting the organizations they insure and the resources those cybercriminals possess to execute their attacks.
“Our analysis of the dark web intelligence market found that this dataset is highly correlated with cyber insurance loss frequency and that external threat factors are correlated with cybersecurity incident frequency.”
Additional information:
● Download the report The Correlation Between Dark Web Exposure and Cybersecurity Risk for the full findings of the study.
● Apply here for a free Dark Web Risk Report to see the dark web exposure of your organization and the risk of a cyber incident determined by the Marsh McLennan Cyber Risk Intelligence Center’s study.
ENDS
Methodology
The Marsh McLennan Cyber Risk Intelligence Center studied whether there was a correlation between data breaches and findings on the dark web for organizations a year before the breach, as collected by Searchlight Cyber. The study involved 9,410 organizations with an overall breach rate of 3.7 percent from 2020 to 2023. It consists of a single-variable analysis, examining the impact of findings in dark web intelligence sources one-by-one, and a multi-variable analysis, examining the impact of findings in dark web intelligence sources jointly. The Marsh McLennan Cyber Risk Intelligence Center is Marsh McLennan’s enterprise-wide cyber data, analytics, and modelling center of excellence.
Download the report – The Correlation Between Dark Web Exposure and Cybersecurity Risk – for the full findings of the study.
About Searchlight Cyber
Searchlight Cyber provides organizations with relevant and actionable dark web intelligence, to help them identify and prevent criminal activity. Founded in 2017 with a mission to stop criminals acting with impunity on the dark web, we have been involved in some of the world’s largest dark web investigations and have the most comprehensive dataset based on proprietary techniques and ground-breaking academic research. Today we help government and law enforcement, enterprises, and managed security services providers around the world to illuminate deep and dark web threats and prevent attacks.