BEC overtakes ransomware and data breaches in cyber-insurance claims

Despite all the talk of AI-driven cyber risk, Advanced Persistent Threat (APT) groups, and nation-state attacks, the relatively simple Business Email Compromise is what’s really happening out there. Time to review your authorisation procedures and not just wave through charges because “the boss says so”…:

Business email compromise (BEC) has overtaken ransomware and data breaches as the main reason companies filed a cyber-insurance claim in the EMEA (Europe, the Middle East, and Asia) region last year, said insurance giant AIG.

According to statistics published in July, AIG said that BEC-related insurance filings accounted for nearly a quarter (23%) of all cyber-insurance claims the company received in 2018.

Ransomware-related incidents came in in second place, accounting for 18% of all cyber-insurance claims in the EMEA region, followed by claims for data breaches caused by hackers and data breaches caused by employee negligence (e.g. sending data to the wrong person), both with 14%.

[…]

Original article here