Buyers Uncertain About Cyber Insurance Payouts

Hilary Tuttle


September 1, 2016


Social engineering has quickly become one of the most common means of cyberattack, but the cyber insurance industry may not be keeping up, and it could leave businesses at significant financial risk.

While two-thirds of companies have seen an increase in social engineering attacks, according to data security firm Mimecast, 45% of firms that have purchased cyber insurance are unsure if their policy is up to date in terms of covering these attacks. For example, only 43% of companies are confident their cyber policy would pay out in the event of CEO fraud (whaling).

Coverage for losses incurred through these scams may be available, but as the cybersecurity landscape constantly evolves, such losses may fall outside the scope of coverage in the policy as it was originally signed.

“Cyber insurance uptake is growing quickly, but a lack of employee training on the latest email attacks is leaving organizations at great risk of breaking policy terms,” said Steven Malone, Mimecast’s director of security product management. “While insurers often pay for clean-up fees after a breach, it is important that organizations check that their policies protect them if an employee is tricked into sending a large amount of money to a fraudulent account.”

Hilary Tuttle is managing editor of Risk Management.