Cyber insurance needs to keep up with evolving threat landscape

Cyber insurance needs to keep up with evolving threat landscape | Insurance Business

Cyber insurance needs to keep up with evolving threat landscape
Organisations are being encouraged to ensure that their cyber insurance policies cover new social engineering email attacks, IT Brief reported.

According to a new research by email and data security firm Mimecast, 45 per cent of cyber-insured organisations are unsure if their policies are fully up to date to cover the ever-evolving threat landscape. Mimecast warns that this leaves firms vulnerable to taking the full financial brunt of cyber-attacks.

The research also shows that only 43 per cent of firms with cyber insurance are confident that their policies would pay out for whaling (CEO fraud) financial transactions; while firms that don’t have cyber insurance are at 64 per cent.

Mimecast says the rise of whaling has created an attack climate where many organisations with cyber insurance may not be protected from fraudulent transactions because it’s not covered in the policies they originally signed.

The research also reveals that organisations that have seen an increase in untargeted phishing emails are at 58 per cent; in targeted phishing attacks, 65 per cent; and in phishing attacks, 65 per cent.

“Cyber insurance uptake is growing quickly but a lack of employee training on the latest email attacks is leaving organisations at great risk of breaking policy terms,” says Nicholas Lennon, country manager ANZ, Mimecast.

“While insurers often pay for clean-up fees after a breach, it is important that organisations check that their policies protect them if an employee is tricked into sending a large amount of money to a fraudulent account,” he explains.

“Attacks where employees are tricked into sending personal data or intellectual property are even less likely to be fully covered.”

"With the cybersecurity landscape constantly evolving, cyber insurers will have great difficulty keeping their coverage up-to-date,” Lennon says.

“A comprehensive cyber resilience strategy is only effective alongside regular employee training on the latest threats combined with appropriate technology fail safes.”