Cyber insurance not always up to scratch

08 Jun 16

Organisations are being warned about their cyber insurance policies and urged to check whether they cover new social engineering email attacks.

New research from email and data security firm Mimecast into the growing cyber insurance industry has revealed 45% of organisations with cyber insurance are unsure if their policies are fully up to date to cover the ever-evolving threat landscape.

Mimecast says this leaves firms at risk of taking the full financial brunt of these kinds of attacks.

According to the research, just 43% of firms with cyber insurance are confident that their policies would pay out for whaling financial transactions. Nearly two-thirds (64%) of firms don’t have any cyber insurance at all.

Mimecast says the rise of whaling (CEO fraud) has created an attack climate where many insured organisations may not be protected from fraudulent transactions, because those transactions fall outside the scope of coverage set when their policies were originally signed.

While over half (58%) of organisations have seen an increase in untargeted phishing emails, 65% have seen targeted phishing attacks grow and 67% have seen a spike in whaling attacks, where a cybercriminal dupes employees into making fraudulent transactions on behalf of a CEO or CFO.

Additionally, 50% said they have seen social engineering attacks that utilise malicious macros in attachments increase.

“Cyber insurance uptake is growing quickly but a lack of employee training on the latest email attacks is leaving organisations at great risk of breaking policy terms,” says Nicholas Lennon, country manager ANZ, Mimecast.

“While insurers often pay for clean-up fees after a breach, it is important that organisations check that their policies protect them if an employee is tricked into sending a large amount of money to a fraudulent account,” he explains.

“Attacks where employees are tricked into sending personal data or intellectual property are even less likely to be fully covered.

“With the cybersecurity landscape constantly evolving, cyber insurers will have great difficulty keeping their coverage up-to-date,” Lennon says.

“A comprehensive cyber resilience strategy is only effective alongside regular employee training on the latest threats combined with appropriate technology fail safes.”
