Mimecast Limited, a leading email and data security company, issued a warning to companies that their cyber insurance policies may not be fully up-to-date in covering new social engineering email attacks. If such policies are not updated, firms may have to bear the full financial burden resulting from an attack. Additionally, a lack of proper employee training may leave companies at risk of voiding their cyber coverage if policy terms are broken. “Cyber insurance uptake is growing quickly but a lack of employee training on the latest email attacks is leaving organizations at great risk of breaking policy terms,” said Steven Malone, director of security product management at Mimecast. “While insurers often pay for clean-up fees after a breach, it is important that organizations check that their policies protect them if an employee is tricked into sending a large amount of money to a fraudulent account. Attacks where employees are tricked into sending personal data or intellectual property are even less likely to be fully covered.”
What’s more, new Mimecast research in the constantly evolving cyber insurance industry suggests that 45 percent of firms with cyber insurance are unsure whether their policy is up-to-date for covering phishing attacks, and only 10 percent believe their policy is fully up-to-date. According to that same research, a third of firms do not have cyber insurance at all, and 43 percent of firms with cyber insurance are confident that their policies would pay out for a whaling attack, a type of phishing attack specifically aimed at wealthy or high-powered individuals. As the number of phishing and whaling attacks rises, it becomes increasingly important for firms to keep their cyber coverage up-to-date. However, it is equally, if not more, essential that firms focus on cybersecurity on the front end to avoid having to make a claim in the first place.