Article Synopsis :
Business email compromise (BEC) has displaced ransomware and data breach by hackers as the main driver of cyber claims, according to this AIG report on cyber risk. Almost one quarter (23%) reported incidents in 2018 were due to BEC, more than double the 2017 figure of 11%.
Ransomware and data breach as well as employee negligence remain the primary causes of breach in 2018.
People are usually the problem
Human error remains the primary influence for claims. Professional services has been hit hardest by cyber attacks, followed by financial services.
But all sectors are open to attack and claims frequency continued in increase in 2018, as the number of claims equalled the previous two years combined.
The route in is usually a phishing email with a link or attachment, which once clicked, provides access to the user’s inbox.
Despite familiarity with phishing emails, a large number of people are fooled into entering personal details into a fake login screen.
Once they’re in, the trouble starts
Once the credentials have been surrendered, the cyber-criminal has access to the email account and can send and receive emails and access information in the victim’s email inbox.
Malware is often deployed with the BEC that spreads the breach across the victim’s contacts.
GDPR has had a pronounced impact on reporting, but in Europe, for instance, the vast majority of claims are in the north. Rather than being more heavily targeted than southern European businesses, AIG believes this can be attributed to a difference in compliance culture.
A maturing book
AIG’s cyber book of business has matured in the past five years and customers have become increasingly sophisticated and knowledgable about the product.
There has been a continued move towards affirmative coverage by customers who are keen to ensure their policies respond as they expect them to. The coverage has become more flexible, allowing the insured to notify AIG of an event via a hotline.
The preference for affirmative cyber cover will indemnify them against a wide range of covered losses, including privacy events, cyber extortion and network business interruption including outsourced service providers and system failure.
The report has a number of interesting case studies of different claims scenarios experienced by AIG clients in recent years.
They provide a useful insight – and a salutary tale – for all businesses.
Link to Full Article:: click here
Digital Insurer's CommentsAs claims for cyber breaches increases, so the demand for insurance goes up.
It is no surprise that some businesses are old hands at cyber security now. This may not stop them getting hit by an attack, but it certainly informs their risk mitigation and purchase of protection.
AIG’s book is increasingly mature and affirmative cover is becoming the main choice as businesses seek to protect themselves from specific risks that cyber criminals may cause them to experience.
Link to Source:: click here