Cyber insurance needs to keep up with evolving threat landscape
Forty-five per cent of cyber-insured firms are unsure if their policies are fully up to date to cover the ever-evolving threat landscape, according to new research by email and data security firm Mimecast.
Their study also showed that only 43% of firms with cyber insurance are confident their policies would pay out for whaling (CEO fraud) financial transactions; while firms that don’t have cyber insurance are at 64%, Mimecast said.
The figures showed how vulnerable firms are to taking the full financial brunt of cyber-attacks, if their policies are not updated regularly.
Mimecast said the rise of whaling had created an attack climate where many organisations with cyber insurance may not be protected from fraudulent transactions because it was not covered in the policies when they originally signed, IT Brief reported.
“Cyber insurance uptake is growing quickly but a lack of employee training on the latest email attacks is leaving organisations at great risk of breaking policy terms,” said Nicholas Lennon, country manager ANZ, Mimecast.
“While insurers often pay for clean-up fees after a breach, it is important that organisations check that their policies protect them if an employee is tricked into sending a large amount of money to a fraudulent account,” he explained.
“Attacks where employees are tricked into sending personal data or intellectual property are even less likely to be fully covered.”
"With the cybersecurity landscape constantly evolving, cyber insurers will have great difficulty keeping their coverage up-to-date,” Lennon said.
“A comprehensive cyber resilience strategy is only effective alongside regular employee training on the latest threats combined with appropriate technology fail safes.”