A recent study from cyber insurance provider Coalition suggests that employee actions are to blame for the majority of cyber insurance claims. The report stated that “the greatest contributing factor to organizations that experienced a cyber insurance claim” was the vulnerability resulting from employee actions, such as clicking on malicious links. This is despite Coalition’s warnings that it is essential to secure end-of-life (EOL) technology and patch vulnerabilities to prevent these risks.
Phishing was the most common cause of cyber insurance claims in the second half of 2022, contributing to 76% of Coalition claims. Coalition stated in its report that the rise in artificial intelligence (AI) has enabled attackers to write credible phishing emails and translate the scams across multiple languages, giving them more time and cover to gain access to a network.
Catherine Lyle, head of claims at Coalition, said that phishing is the most straightforward way to enter a system, which makes it a top target for attackers. She added that the threat landscape for U.S.-based enterprises has shifted away from attackers targeting specific companies and toward sending an enormous number of phishing emails, where whoever clicks on one then becomes the target of choice.
The report also indicated that Russia’s invasion of Ukraine partly contributed to a decrease in ransomware attacks, which dropped 54% year-over-year. On the other hand, phishing scams increased, leading to funds transfer fraud and business email compromise attacks, which accounted for one third of Coalition claims.
Lyle explained that companies with sufficient backups often refuse to give in to attackers’ demands, but companies without backups that fear cyberattacks and their impact on business choose to negotiate.
The report warned that small to medium-sized companies, non-profits, and municipalities that have tight budgets are the most frequent EOL software users, who are three times more likely to experience a claim. Implementing multilayered security and incorporating Patch Tuesday fixes are examples of strategies companies can adopt to reduce cyber insurance risks while lowering overall policy costs.