Skip to main content

Email crime now top cause for cyber insurance claims

(Image credit: Pixabay)

Companies are filing for more cyber-insurance claims than ever before as the number of threats targeting businesses continues to rise.

According to figures from insurance giant AIG, claims related to cybercrime nearly doubled in number between 2017 and 2018. The company also added that it dealt with more cyber-insurance claims last year than across 2016 and 2017 combined.

So-called "business email compromise" (BEC) scams were found to be the most common cause for making a cyber-insurance claim in the EMEA region last year, with nearly a quarter (23 percent) of all claims it received concerned BEC incidents. 

Incidents concerning ransomware made up the second highest amount, making up 18 percent of claims, followed by claims for data breaches - both those caused by hackers and separately, those caused by employee negligence - which both accounted for 14 percent of claims.

BEC scams are on the rise due to many companies failing to implement proper security protection, AIG says. It names tactics such as ensuring strong passwords for email accounts, using multi-factor authentication, and increasing employee training relating to security as key to helping stay secure.

The company warned that ransomware may soon reclaim the top spot it held in 2017, as attacks go from being more targeted, to more general "spray and pray" assaults.

AIG says it expects the number of cyber-insurance claims to keep rising, particularly concerning ransomware attacks, as governments and local authorities, which have become popular targets for cybercrime, realise they can gain back some losses by doing so.

The continuing influence of GDPR, which went into effect in May 2018, had also had an effect on cyber-insurance claims, with far more being made after the new legislation came into force. AIG surmised this could be to do with GDPR requiring all data breaches to be made public, with companies that fail to act suffering large fines - the cost of which, again, can be offset through cyber-insurance.