sb-as logo
Story image

Cyber insurance not always up to scratch

Organisations are being warned about their cyber insurance policies, and are being urged to check if they are cover new social engineering email attacks.

New research from email and data security firm Mimecast into the growing cyber insurance industry has revealed 45% of organisations with cyber insurance are unsure if their policies are fully up to date to cover the ever-evolving threat landscape.

Mimecast says this leaves firms at risk for taking the full financial brunt of these kinds of attacks.

According to the research, just 43% of firms with cyber insurance are confident that their policies would pay out for whaling financial transactions. Nearly two-thirds (64%) of firms don’t have any cyber insurance at all.

Mimecast says the rise of whaling (CEO fraud) has created an attack climate where many insured organisations may not be protected from fraudulent transactions because they fall outside of the coverage scope of when their policies were originally signed.

While over half (58%) of organisations have seen an increase in untargeted phishing emails, 65% have seen targeted phishing attacks grow and 67% have seen a spike in whaling attacks, where a cybercriminal dupes employees into making fraudulent transactions on behalf of a CEO or CFO.

Additionally, 50% said they have seen social engineering attacks that utilise malicious macros in attachments increase.

“Cyber insurance uptake is growing quickly but a lack of employee training on the latest email attacks is leaving organisations at great risk of breaking policy terms,” says Nicholas Lennon, country manager ANZ, Mimecast.

“While insurers often pay for clean-up fees after a breach, it is important that organisations check that their policies protect them if an employee is tricked into sending a large amount of money to a fraudulent account,” he explains

“Attacks where employees are tricked into sending personal data or intellectual property are even less likely to be fully covered.

"With the cybersecurity landscape constantly evolving, cyber insurers will have great difficulty keeping their coverage up-to-date,” Lennon says.

“A comprehensive cyber resilience strategy is only effective alongside regular employee training on the latest threats combined with appropriate technology fail safes.”

Story image
Surfshark rolls out WireGuard open source VPN protocol
When there is less code in a VPN, it is less susceptible to security vulnerabilities due to easier configuration and management, according to Surfshark.More
Story image
Cisco report: Remote working is here to stay, making cybersecurity a top priority
"With this new way of working here to stay and organisations looking to increase their investment in cybersecurity, there’s a unique opportunity to transform the way we approach security as an industry to better meet the needs of our customers and end-users.”More
Link image
Why the threat of ransomware requires quality resources to keep it at bay
With this ransomware prevention kit, learn actionable tactics for IT departments on how to manage backups and enable staff so that ransomware is a managed and controlled risk.More
Story image
Gartner reveals the top strategic tech trends for 2021
“CIOs are striving to adapt to changing conditions to compose the future business - this requires the organisational plasticity to form and reform dynamically. Gartner’s top strategic technology trends for 2021 enable that plasticity.”More
Story image
New project development inhibited by cybersecurity, Kaspersky research states
"There are still some practical steps that can be taken to make sure that an emerging technology or a product reaches its launch. Cybersecurity doesn’t have to be another corporate barrier, but it should be on an integral part of the project all long."More
Story image
DDoS attacks a wake up call for complacent businesses - Imperva
When distributed denial of service attacks created mayhem around the world in August, they left many organisations scrambling to protect themselves.More