
Types of cyber insurance claims seen by insurers/brokers


With 350,000 new malicious programmes being discovered every day, [1] there has been a big spike in cybercrime, resulting in an increase in cyber insurance claims. In no particular order, we have assembled a list of the most common cyber-attacks for which people file claims.


Ransomware attacks

Ransomware is the most common cyber insurance claim. [2] It is a type of malware that threat actors use to encrypt your files, making you unable to access your device and the data stored on it.

Once they have access to your system, threat actors can sit dormant for months before deciding to encrypt your files. During this time, they monitor your activity and collect data, waiting for the right time to strike before demanding a ransom in exchange for decryption or threatening to leak the stolen data.

Ransomware can gain access to your business in several ways, including:

  • Phishing: An employee clicks on a malicious link within a seemingly genuine email, allowing ransomware to infiltrate.
  • Remote Desktop Protocol (RDP)
    • No VPN or MFA used: Threat actors gain access to the network using a brute force attack as only a simple password was used to prevent access, and no VPN was used to ‘hide’ the client’s network.
    • Unpatched VPN/RDP/software: When software is not regularly updated with the latest security patches, it leaves a vulnerability in the network. Threat actors take advantage of this and gain access, installing ransomware and/or stealing data.

In September 2023, two of the world’s largest casino-hotel companies, MGM Resorts and Caesars Entertainment, fell victim to ransomware attacks by way of social engineering. [3] Caesars Entertainment paid the $30 million ransom demand. [4]

 

 

CEO/Friday fraud (funds transfer fraud)

CEO fraud (or Friday fraud) is a type of attack in which a cybercriminal impersonates someone with the authority to ask employees to make payments. This could be a CEO, CFO, Head of HR, etc. The email usually includes an invoice from a supplier showing new account details.

An employee in accounts receives a seemingly genuine email from the boss or a known customer at the last minute requesting urgent payment of an invoice.

Cloud hacking

With the rising popularity of cloud storage tools and applications, cloud hacking has become a very common threat in the industry. Cloud hacking attacks can take many forms, such as brute-force attacks, phishing, and credential stuffing.

For example, a disgruntled former employee, or other threat actor, accesses a business’s critical data held in cloud storage and takes control. They may hold this data for ransom or threaten to leak it if demands are not met.

 

 

Vishing and quishing

Vishing scams are when scammers impersonate a legitimate source in an attempt to extort money. An example of a vishing scam is a call from the “bank” stating that your account has been compromised and that immediate action is required. Usually, this action includes transferring bank details and security information to the threat actor.

A new scam known as ‘quishing’ is gaining momentum. The scam can happen both online and in the real world, where QR codes are manipulated to divert traffic to a malicious site for theft of funds or valuable data.

Dependent Business Interruption loss

A third-party service provider goes down unexpectedly as a result of a ‘cyber event’, meaning that the insured is unable to work as they lose access to their computer networks.

Lost data

A USB containing unencrypted sensitive data is lost. The loss of such data requires notification to the ICO and affected individuals. Loss of paper files can also be a ‘data breach’. Some robust cyber insurance coverage may include the loss of hard/paper copies of data.

DoS Attack (denial-of-service)

A denial-of-service attack is when a threat actor attempts to disrupt the normal functioning of a computer or other device and make it inaccessible to users. During this malicious attack, the threat actor overwhelms a website with traffic, resulting in the website, and/or sales, going down. They typically do this during a busy sales period, preventing the insured from being able to trade. Sometimes a ransom is demanded to cease the attack.

Rogue employee

A rogue employee is a member of staff who harms their company by engaging in illicit activity, e.g., a worker collects sensitive and confidential data over time with a view to selling it. Under the General Data Protection Regulation (GDPR), all organisations must report data breaches to the Information Commissioner’s Office (ICO) and to the individuals impacted by the data breach. This opens the door for individuals to seek financial compensation as a result.

Rogue employees tend to fall into one of three categories:

  • Ambitious – Cuts corners regarding cyber security best practices to get things done as quickly as possible.
  • Disgruntled – Intends to subvert cyber security practices as a form of backlash against their employers.
  • Negligent – Breaks cyber security best practices because they simply do not care about the consequences.

Consequences of a cyber-attack

Following a cyber event, there are a few additional costs which may be incurred that you might not immediately consider, such as:

  • Notification costs – Significant costs incurred to notify the ICO and each customer/individual involved in the data breach.
  • Call centre costs – A centre may be needed to field the significantly increased volume of phone calls and enquiries as a result of the breach.
  • Crisis management – Damaging reviews online and press coverage may result in a media relations issue requiring the help of a PR and crisis management team. There’s also the potential for business interruption claims for loss of revenue.

Cyber insurance with Hugh J Boswell

If you have any questions about protecting your business against a cyber-attack, please contact us at 01603 626155 – the team will be happy to help.