
Cyber insurance not always up to scratch

Organisations are being warned about their cyber insurance policies, and are being urged to check whether they cover new social engineering email attacks.

New research from email and data security firm Mimecast into the growing cyber insurance industry has revealed 45% of organisations with cyber insurance are unsure if their policies are fully up to date to cover the ever-evolving threat landscape.

Mimecast says this leaves firms at risk of taking the full financial brunt of these kinds of attacks.

According to the research, just 43% of firms with cyber insurance are confident that their policies would pay out for whaling financial transactions. Nearly two-thirds (64%) of firms don’t have any cyber insurance at all.

Mimecast says the rise of whaling (CEO fraud) has created an attack climate where many insured organisations may not be protected from fraudulent transactions, because these fall outside the scope of coverage set when their policies were originally signed.

While over half (58%) of organisations have seen an increase in untargeted phishing emails, 65% have seen targeted phishing attacks grow and 67% have seen a spike in whaling attacks, where a cybercriminal dupes employees into making fraudulent transactions on behalf of a CEO or CFO.

Additionally, 50% said they have seen social engineering attacks that utilise malicious macros in attachments increase.

“Cyber insurance uptake is growing quickly but a lack of employee training on the latest email attacks is leaving organisations at great risk of breaking policy terms,” says Nicholas Lennon, country manager ANZ, Mimecast.

“While insurers often pay for clean-up fees after a breach, it is important that organisations check that their policies protect them if an employee is tricked into sending a large amount of money to a fraudulent account,” he explains.

“Attacks where employees are tricked into sending personal data or intellectual property are even less likely to be fully covered.

“With the cybersecurity landscape constantly evolving, cyber insurers will have great difficulty keeping their coverage up-to-date,” Lennon says.

“A comprehensive cyber resilience strategy is only effective alongside regular employee training on the latest threats combined with appropriate technology fail safes.”
