AIG says there were as many cyber-insurance claims in 2018 as in the previous two years combined, signalling a long-term trend of increasing claim frequency. Business email compromise (BEC) overtook ransomware to become the primary reason for cyber-insurance claims in the EMEA region, according to AIG research published in July.
The report says that a quarter of reported incidents in 2018 were due to business email compromise (BEC), up significantly from 11 percent in 2017. Ransomware, data breach by hackers and data breach due to employee negligence were the other main breach types in 2018.
Unsurprisingly, in most cases the compromise was traced back to a phishing email containing a link or attachment. In many incidents victims were directed to a bogus login screen, and the credentials they entered were then captured by the cyber-criminal.
Professional Services is now the sector hardest hit by cyber claims, followed by Financial Services. However, incidents continue to spread among a range of sectors, indicating that no industry is immune to cyberattack.
The report quotes Jonathan Ball, partner at Norton Rose Fulbright saying: "Ultimately what’s behind a lot of these compromises is organised crime. They’re not interested in stealing personal data and selling it on the dark web. It’s pure financial fraud."
It describes how BEC attacks’ use of social engineering enables the creation of emails that are accurate enough to appear legitimate even to larger organisations. Jose Martinez, vice president of financial lines major loss claims, EMEA, AIG, suggests more investment is needed to train staff to better identify rogue messages. "We’re still seeing a surprisingly high level of these forms of fraud being perpetrated and some are affecting quite large and sophisticated clients. You may think that every CFO at a large company would know about this by now, but it’s still happening."
An insurance policy for BEC and impersonation fraud claims typically covers the cost of an IT forensic investigation to determine whether the insured’s system was compromised and identify the compromised data. It also covers legal advice on reporting and notification obligations to data subjects and regulators, though the report adds that insurance cover for financial loss due to criminal activity is often restricted. "These incidents are becoming more expensive to investigate," says Mark Camillo, head of cyber for EMEA at AIG. "When a malicious actor gains access to the mailbox you have to do a deep dive, understand what information they may have gained access to and whether it has triggered any GDPR requirements."
In an email to SC Media UK, Tim Callan, Senior Fellow at Sectigo, commented: "Virtually every business relies upon email as a fundamental form of communication. Ironically, it is scarily easy to manipulate and falsify business emails in myriad ways, and cyber-criminals are aware of companies’ reliance on them. It’s this which encourages them to perpetrate a variety of attacks and profit from it.
"Businesses should be aware that cyber-criminals’ overarching strategy might rely on several separate malicious deployments, many themselves based on email, including malware, which allows access to confidential information and credential-stealing with huge financial implications."
He goes on to advise: "To avoid this, the ideal solution should integrate with a secure email gateway, allowing the gateway to decrypt and encrypt, so that it can continue to deliver on its valuable function. It should provide the recipient with better delivery choices and use the native mail client to decrypt the email without leaving the application."