Nearly Half of Organisations Unsure if Cyber Insurance will Payout for Evolving Email Attacks


New Mimecast Research Highlights 45% of Organizations Unaware if their Cyber Insurance Will Cover New Social Engineering Attacks

mimecast_logoMimecast Limited has issued a warning to organisations relying on cyber insurance: your policies may not be fully up-to-date in covering new social engineering email attacks, leaving firms at risk for taking the full financial brunt of these attacks.

New Mimecast research* into the growing cyber insurance industry and evolving email attack techniques reveals that almost half (45%) of firms with cyber insurance are unsure if their policy is up-to-date for covering new cyber social engineering attacks, and only 10% believe it is completely up-to-date. Just 43% of firms with cyber insurance are confident that their policies would pay out for whaling financial transactions. Nearly two-thirds (64%) of firms don’t have any cyber insurance at all.

The rise of whaling (CEO fraud) has created an attack climate where many insured organisations may not be protected from fraudulent transactions because they fall outside of the coverage scope of when their policies were originally signed. While over half (58%) of organisations have seen an increase in untargeted phishing emails, 65% have seen targeted phishing attacks grow and 67% have seen a spike in whaling attacks, where a cybercriminal dupes employees into making fraudulent transactions on behalf of a CEO or CFO. Additionally, 50% said they have seen social engineering attacks that utilize malicious macros in attachments increase.

“Cyber insurance uptake is growing quickly but a lack of employee training on the latest email attacks is leaving organisations at great risk of breaking policy terms,” said Nicholas Lennon, Country Manager ANZ, Mimecast.“ While insurers often pay for clean-up fees after a breach, it is important that organisations check that their policies protect them if an employee is tricked into sending a large amount of money to a fraudulent account. Attacks where employees are tricked into sending personal data or intellectual property are even less likely to be fully covered.

“With the cybersecurity landscape constantly evolving, cyber insurers will have great difficulty keeping their coverage up-to-date. A comprehensive cyber resilience strategy is only effective alongside regular employee training on the latest threats combined with appropriate technology fail-safes.”

*Mimecast conducted a survey of 436 IT experts at organisations in the US, UK, South Africa and Australia in March 2016. Respondents assessed the growth in a range of email attacks seen over the prior three months.

About Mimecast

Mimecast (NASDAQ:MIME) makes business email and data safer for more than 18,000 customers and millions of employees worldwide. Founded in 2003, the company’s next-generation cloud-based security, archiving and continuity services protect email, and deliver comprehensive email risk management in a single, fully-integrated subscription service.