Cyber insurance not always up to scratch

08 Jun 2016

Organisations are being warned about their cyber insurance policies, and are being urged to check whether they cover new social engineering email attacks.

New research from email and data security firm Mimecast into the growing cyber insurance industry has revealed 45% of organisations with cyber insurance are unsure if their policies are fully up to date to cover the ever-evolving threat landscape.

Mimecast says this leaves firms at risk of taking the full financial brunt of these kinds of attacks.

According to the research, just 43% of firms with cyber insurance are confident that their policies would pay out for whaling financial transactions. Nearly two-thirds (64%) of firms don’t have any cyber insurance at all.

Mimecast says the rise of whaling (CEO fraud) has created an attack climate where many insured organisations may not be protected from fraudulent transactions, because those transactions fall outside the scope of coverage set when their policies were originally signed.

While over half (58%) of organisations have seen an increase in untargeted phishing emails, 65% have seen targeted phishing attacks grow and 67% have seen a spike in whaling attacks, where a cybercriminal dupes employees into making fraudulent transactions on behalf of a CEO or CFO.

Additionally, 50% said they have seen an increase in social engineering attacks that utilise malicious macros in attachments.

“Cyber insurance uptake is growing quickly but a lack of employee training on the latest email attacks is leaving organisations at great risk of breaking policy terms,” says Nicholas Lennon, country manager ANZ, Mimecast.

“While insurers often pay for clean-up fees after a breach, it is important that organisations check that their policies protect them if an employee is tricked into sending a large amount of money to a fraudulent account,” he explains.

“Attacks where employees are tricked into sending personal data or intellectual property are even less likely to be fully covered.

“With the cybersecurity landscape constantly evolving, cyber insurers will have great difficulty keeping their coverage up-to-date,” Lennon says.

“A comprehensive cyber resilience strategy is only effective alongside regular employee training on the latest threats combined with appropriate technology fail safes.”
