Business email compromise (BEC) has now become the main reason companies file a cyber-insurance claim.
A new report by the insurance company, AIG, found that BEC is the top cause of loss for cyber claims followed by ransomware and data breaches, in the EMEA region last year.
Statistics published in July stated that 23% of all cyber-insurance claims AIG received in 2018, was a result of BEC-related insurance filings. Ransomware-related insurance filings accounted for 18% of all cyber-insurance claims, followed by data breaches caused by hackers (14%) and data breaches caused by employees (14%).
The report also found that the number of cyber-insurance claims AIG received doubled between 2017 and 2018.
The rise in BEC scams can be explained due to companies failing to employ effective security protection such as poor password protection for email accounts, and not utilising multi-factor authentication.
The number of ransomware-related cyber-insurance claims have dropped in 2018, due to ransomware becoming more targeted. Threat actors are now focusing on going after companies and government organisations as opposed to consumers. Therefore the incidents are fewer, but the threat actors are receiving larger payouts.
However despite the small number of ransomware-related insurance claims, AIG expects that it will soon go up as enterprise and government victims learn that they can offset losses by filing a cyber-insurance claim.
AIG also discovered that the number of cyber-insurance claims filed has been affected by GDPR, as businesses can no longer hide data breaches and have to disclose them. As a result, companies are starting to file more cyber-insurance claims to help cover some of their costs.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/