Many clients now have a better awareness of cyber risk, but while the majority will have data breaches and malware at the top of their list of concerns, there is a new threat in town – and insurance companies are at risk too.
Fraudulent instruction scams are increasingly a danger to organisations, according to specialist cyber insurer Beazley, which has revealed that its Breach Response Services arm (BBR Services) saw a quadrupling of such incidents in 2017.
“We saw the increase in fraudulent instructions start to really spike at the end of 2016 and the beginning of 2017 – then it just escalated from there,” Katherine Keefe, global head of BBR Services told Insurance Business.
The scams see criminals use hacking and phishing techniques to accumulate information which they use to send plausible-looking requests to individuals in an organisation, tricking them into transferring funds to bogus accounts. In addition to losing money, organisations may also have to conduct exhaustive systems analysis to ensure that individuals’ personal and private data has not been compromised.
While once such scams were aimed at the fraudulent use of credit cards or tax details, the sophistication of both technology and cyber criminals today means that the scams have become far more immediate.
“The crime is now perfected in a matter of moments, with the criminal able to access the funds immediately. There’s a lot of creativity going on now to trick people into sending information, or to make financial transactions directly into the criminals’ hands. That’s the change that we saw in 2017, which increased over the course of the year,” Keefe said.
A combination of far more sophisticated, realistic attempts from criminals and the fact that many organisations are failing to train their employees on how to spot spoof emails and phishing attempts has created the perfect storm, according to the global head.
As an insurer, Beazley advises clients to train employees to seek authorisation before deviating from practice, and to provide regular phishing training so that staff stay on top of the evolution of sophisticated emails.
But insurance companies themselves are vulnerable too, Keefe warned.
“I don’t think any company is isolated from the potential of these kinds of attacks… It’s becoming best practice to train employees and provide these kinds of information,” she said.
Financial services was the second-most targeted industry sector in 2017, accounting for 21% of the fraudulent instruction claims reported to Beazley, with professional services taking the top spot by just 1%.
However, incidents are growing across all sectors, particularly where single, large transactions are involved.
Keefe added: “The skillset of the criminals continues to grow, and I don’t think we should be complacent about this. There’s a lot of information out there on the web about acquisitions and sales of hotels and properties. [I don’t think] it would take criminals too long to find out where to target the larger transactions… It’s really time for organisations to sit up and pay attention to this, and not have it as third or fourth down the list.”