Tel: 0345 625 0711
Cyber claims.jpg
CFC Underwriting

Top findings from our 2018 cyber claims data

by CFC Underwriting

GUIDE
05th April 2019
 

Last year, we responded to over 1,000 cyber claims comprised of theft of funds, data breaches, ransomware & extortion, malware and more.

 

Here are some of our observations from our look back at 2018:

CFC Cyber Claims Data

 

Data breaches still pose a major risk, but they dont tell the whole story

Over the course of 2018, we saw a number of pieces of data breach legislation come into play, most noteably GDPR in Europe.

While legislation is important, we should avoid seeking cyber insurance exclusively through this lens. Its important to stress that while notification laws might prompt consideration of cyber amongst businesses and seem to be driving claims, cyber insurance is not just about covering the losses associated with a data breach. Its much broader than that and our data shows it provides cover for a whole host of cyber-related risks, ranging from theft of funds and cyber extortion to system damage and business interruption.

Human error still plays a part in the majority of the claims we see

Whether a business suffers a data breach, a ransomware attack, or accidentally sends money to a fraudulent bank account, human error plays a part in the vast majority of the claims we see.

For example, non-malicious data breaches refer entirely to those caused by lost laptops and other devices or doing things like inadvertently sharing sensitive data. In addition, many funds transfer fraud requests are due to employees failing to follow-up urgent wire transfer requests with a phone call. Even malicious data breaches, ransomware and extortion claims often begin with hackers gaining system access through phishing links, which employees unwittingly click on.

This highlights the importance of employee training on cyber risks, particularly phishing emails which can lead to a whole range of issues.

Cyber risks trends show us that they will become more common over time

There are several things which are levelling the playing field when it comes to cyber claims. The first is the aforementioned breach notification laws. 

The second is also something briefly touched upon already real-time payment facilities. The UKs funds transfer fraud rates are noticeably higher than other regions, and the main driver of this difference is the UKs implementation of the Faster Payments Service (FPS), which allows businesses and consumers to transfer funds instantaneously instead of it taking the day or two it might take in other territories.

While convenient, this also means that in the time it takes to spot a fraud, the funds are often irretrievable. As real-time payment facilities are taken up in other places, we expect this to lead to higher levels of funds transfer fraud in those territories in the coming years.

The year ahead

This is a good backward look but does 2019 have anything new in store for us?

Firstly, as explained above, we believe theft of funds claims rates, particularly those stemming from Office 365 attacks, will continue to grow in every territory until either more secure banking practices come into play, or the issue is well-known enough amongst organizations that levels plateau.

Secondly, when it comes to data breaches, there's a misconception that a large part of the costs stem from notifying individuals, but we're finding this to be one of the cheapest aspects of these types of claims. Instead, consequential reputational harm from data breaches is proving very costly and these types of claims are amongst our most severe.

Thirdly, scattergun approach ransomware attacks are happening less and less. We're now seeing more targeted extortion attacks taking down whole companies and their back-ups. Although these types of claims make up a smaller piece of the pie in terms of frequency, they are again some of the most devastating in terms of financial fallout.

And finally, with the potential for costly business interruption events on the rise, we believe that more industries will consider cyber insurance, such as manufacturing. After all, its not just businesses that hold sensitive data who are exposed anymore its every business.

 
 

Original article posted by CFC Underwriting.

This guide is for information purposes and based on sources we believe are reliable, the general risk management and insurance information is not intended to be taken as advice with respect to any individual circumstance and cannot be relied upon as such.

 

Cybersecurity.jpg
5 steps to a better cybersecurity program
Employment law.jpg
10 employment law changes to look out for
Civil liability insurance and negligence-min.jpg
Civil liability insurance and professional negligence explained
User generated content cfc.jpg
The new (ish) tech risk: User generated content

Compare and save on your cyber insurance

Start your online application
Cyber Insurance
Crime Insurance
Social Engineering Fraud
Management Liability Insurance
Risk Management Process
About us
By industry Digital onboarding
Blog
Company providers Privacy notice
Customer reviews
Business Insurance Legal notice
Terms of business
Contact us Prudential Regulatory Authority
Contact Us
Tel:0345 625 0711
Email:[email protected]
Social Media
© 2024 Get Indemnity is the trading name of Insurance Direct Group Solutions Limited authorised and regulated in the UK by the Financial Conduct Authority (FRN 802038). This can be checked on the FCA financial services register by visiting the FCA website https://www.fca.org.uk or contacting the FCA on 0800 111 6768. Insurance Direct Group Solutions Limited is registered in England under company number 11078405. Registered office: The Minster Building, Great Tower Street, London, EC3R 7AG.