The more an organization’s data is found on the dark web the more likely it will experience a cyberattack.
Searchlight Cyber, a dark web intelligence company, delivers the news in a new study released in cooperation with the Marsh McLennan Cyber Risk Intelligence Center this week. To coincide with the study, Searchlight also launched a supporting “Dark Web Risk Report." Organizations can use this free resource to view their dark web exposure and the corresponding risk, based on an analysis conducted by the Cyber Risk Intelligence Center.
The dark web is a critical area of security for MSSPs, as they monitor it for signs of potential attacks on their clients. Many organizations rely on MSSPs to safeguard sensitive data, but if this data is leaked or sold on the dark web it can lead to data breaches, financial losses and reputational damage. Cybercriminals often sell or share stolen credentials, malware or exploits on the dark web before an attack is executed.
How Dark Web Exposure Increases Risk of a Security Incident
Marsh McLennan analyzed Searchlight’s dark web dataset against a sample of 9,410 organizations with an overall breach rate of 3.7% from 2020 to 2023. The research determined whether there was a correlation between data breaches and findings on the dark web in the year before the incident.
The study, “The Correlation Between Dark Web Exposure and Cybersecurity Risk,” found that all nine of Searchlight’s dark web intelligence sources are correlated to increased cybersecurity risk:
| Intelligence Source | Increased Likelihood of a Cyber Incident | |
| Compromised Users | Compromised accounts on the dark web related to an organization. | 2.56x |
| Dark Web Market Listings | The mention of the organization or data related to the organization on a dark web market. | 2.41x |
| Outgoing Dark Web Traffic | Traffic originating from the organization’s network and connecting to the dark web. | 2.11x |
| OSINT Results | Assets related to an organization that have been identified on the dark web. | 2.05x |
| Paste Results | The mention of an organization or data related to an organization on plain text repositories. | 1.88x |
| Telegram Chats | The mention of the organization or data related to the organization on Telegram | 1.75x |
| Incoming Dark Web Traffic | Traffic originating from the dark web and connecting to an organization’s infrastructure. | 1.63x |
| Forum Posts | The mention of the organization or data related to the organization on a dark web forum. | 1.58x |
| Dark Web Pages | The mention of an organization or data related to an organization on a dark web site. | 1.29x |
The Dark Web: A Cyberattack Staging Area
The study also included a multi-variable analysis, which showed that combining multiple dark web sources provides a stronger indication of increased cyber risk. Paste Results, OSINT Results and Dark Web Market Listings were found to be the most correlated to cyber insurance loss frequency in conjunction with other factors, Searchlight Cyber reported.
Offering a press statement on the findings, Ben Jones, co-founder and CEO of Searchlight Cyber, said:
“The core finding of Marsh McLennan’s analysis is that any data related to your organization on the dark web is highly correlated with your chance of a cyberattack. Cybercriminals plan their attacks on dark web forums, marketplaces, and in hidden communication channels, and the study has quantified the risk of each of these areas of dark web exposure for the first time."
Jones emphasized that if security teams can identify their exposure on the dark web, they have a huge opportunity to proactively act, adjust their defenses and effectively stop attacks before they are launched by cybercriminals.
“The first step is to gain visibility to understand where the threat on the dark web is coming from, where the organization is being targeted and continuously monitor to give themselves the best chance of identifying and stopping a cybersecurity incident,” he said.
Further Searchlight Cyber, Marsh McLennan Collaboration
Following the study, Searchlight and the Marsh McLennan Cyber Risk Intelligence Center will collaborate to help organizations unlock the value of dark web intelligence in determining and mitigating the risks against their business.
“Historically, the insurance industry has focused on data from within an organization, such as questionnaires, along with outside-in technographic scans for determining cybersecurity risk,” Scott Stransky, managing director and head of the Marsh McLennan Cyber Risk Intelligence Center, said in a press statement. “While this data is extremely valuable, ignoring dark web factors external to the organization’s network leaves the industry with a blind spot around who could be targeting the organizations they insure and the resources those cybercriminals possess to execute their attacks.”
