Nearly half of organizations unsure if cyber Insurance will payout for evolving email attacks
New Mimecast research highlights 45% of organizations unaware if their cyber insurance will cover new social engineering attacks
London, UK – Mimecast Limited (NASDAQ: MIME), a leading email and data security company, today issued a warning to organizations relying on cyber insurance: your policies may not be fully up-to-date in covering new social engineering email attacks, leaving firms at risk for taking the full financial brunt of these attacks.
New Mimecast research* into the growing cyber insurance industry and evolving email attack techniques reveals that almost half (45%) of firms with cyber insurance are unsure if their policy is up-to-date for covering new cyber social engineering attacks, and only 10% believe it is completely up-to-date. Just 43% of firms with cyber insurance are confident that their policies would pay out for whaling financial transactions. Nearly two-thirds (64%) of firms don’t have any cyber insurance at all.
The rise of whaling (CEO fraud) has created an attack climate where many insured organizations may not be protected from fraudulent transactions because they fall outside of the coverage scope of when their policies were originally signed. While over half (58%) of organizations have seen an increase in untargeted phishing emails, 65% have seen targeted phishing attacks grow and 67% have seen a spike in whaling attacks, where a cybercriminal dupes employees into making fraudulent transactions on behalf of a CEO or CFO. Additionally, 50% said they have seen social engineering attacks that utilize malicious macros in attachments increase.
“Cyber insurance uptake is growing quickly but a lack of employee training on the latest email attacks is leaving organizations at great risk of breaking policy terms,” said Steven Malone, director of security product management, Mimecast. “While insurers often pay for clean-up fees after a breach, it is important that organizations check that their policies protect them if an employee is tricked into sending a large amount of money to a fraudulent account. Attacks where employees are tricked into sending personal data or intellectual property are even less likely to be fully covered.
"With the cybersecurity landscape constantly evolving, cyber insurers will have great difficulty keeping their coverage up-to-date. A comprehensive cyber resilience strategy is only effective alongside regular employee training on the latest threats combined with appropriate technology fail-safes.”
Mimecast will be exhibiting at Infosecurity Europe, 7-9 June, at stand #G100. Mimecast security experts will discuss the top email attack strategies being used against millions of organizations around the world today.
The company will be demonstrating the capabilities of Mimecast Targeted Threat Protection and its full suite of cloud-based email security services.
*Mimecast conducted a survey of 436 IT experts at organizations in the US, UK, South Africa and Australia in March 2016. Respondents assessed the growth in a range of email attacks seen over the prior three months.
Mimecast (NASDAQ:MIME) makes business email and data safer for more than 18,000 customers and millions of employees worldwide. Founded in 2003, the company's next-generation cloud-based security, archiving and continuity services protect email, and deliver comprehensive email risk management in a single, fully-integrated subscription service.
We welcome the opportunity to engage with the press and talk about our work and our industry.
Sr. Public Relations Manager - Lexington office