Modern businesses are getting hit harder and more frequently by sophisticated, fast-moving cyber attacks. However, while the headlines often focus on ransomware and artificial intelligence-driven attacks, most global cyber insurance claims stem from the email inbox. 

According to Coalition’s 2024 Cyber Claims Report, business email compromise (BEC) and funds transfer fraud (FTF) accounted for 56% of all cyber insurance claims—more than double those stemming from ransomware at 19%. 

Unlike ransomware, which can involve lengthy negotiations and encryption, BEC and FTF are much easier and more effective ways for threat actors to monetise their cybercrimes. 

When compromising someone’s email inbox, threat actors often search for terms that will help uncover vendor or payment information or seek to connect with the individual who might have the right information. Sometimes, gaining access is the strategy, whereas threat actors wait inside the network, known as “dwell time,” until they find a user with direct access to money. 

Once criminals identify someone within the company who has access to the money, they pivot to steal credentials and execute FTF. In these types of incidents, cybercriminals will trick the target. 

More and more businesses are turning to their brokers for guidance before, during, and after these types of cyber incidents to prevent claims. There are a few key steps that brokers need to know about to best advise their clients and protect them against BEC and FTF.

BEFORE: Continuous training is one of the best risk mitigation strategies

For the best defence against these email-based scams, businesses need to emphasise the importance of ongoing education and security awareness training for their employees. 

Companies should regularly train employees to recognise phishing attempts, report suspicious activity, and use email filtering to block malicious attachments or links. Staff should always be especially wary of emails that request financial information, include unknown attachments or links, or ask the user to confirm their login details. 

By focusing on these points, brokers can better support their clients in navigating the complexities of cyber risks and ensuring robust and effective responses to incidents.

DURING: Prioritise early notification and clear communication with cyber insurers

The most critical thing for brokers to advise their clients to help prevent BEC and FTF is to avoid the mentality of “she’ll be right." When talking to policyholders, it’s important to emphasise early notification. If they suspect anything suspicious, it’s critical for them to notify their broker immediately. For cyber-attacks and cyber claims, early notification and clear communication can mean the difference between remediating the threat quickly and preventing escalation or dealing with the repercussions for potentially weeks or even years. 

Quick communication is key to risk mitigation. With this in mind, clients should look for an insurer that does more than just initiate the claims process upon notification and provide a policyholder with a Proof of Loss form. Brokers and their clients should prioritise a cyber insurance provider that snaps into action to mitigate the impact. 

With claims and incident response teams working together, policyholders can take active security measures to reduce the fallout, including changing passwords, locking financial accounts, and implementing multi-factor authentication to force users to authenticate their identities. Incident response teams can also assess potential security concerns without launching a full-blown investigation, helping to prevent the need for a client to file a claim in the first place. 

AFTER: Managing and reducing policyholder costs

Brokers should recommend clients secure coverage that addresses all out-of-pocket expenses involved in managing an incident. With digital forensics and incident response, remediation, hiring breach counsel, and notifying customers – to name a few – these costs can accumulate quickly. Case in point: the average cost of a data breach, according to IBM’s 2024 report, was 4.9 million USD or approximately 7.2 million AUD. 

In a recent Coalition BEC claims example, the outside incident response firm began its investigation and determined the email account was compromised through a phishing attack that allowed the threat actor to access the CEO’s inbox. These costs totalled nearly 50,000 AUD. 

To combat these costs, policyholders should seek a policy that uses “pay-on-behalf” language, which usually means the insurance provider pays third-party vendor fees related to breach costs upfront, so the insured doesn’t have to worry or wait for reimbursement. This is especially important for extortion payments, which can be large sums of money and are required to be paid in cryptocurrency.

Guidance for attacks that start in the email inbox

To help prevent and mitigate these types of cyber insurance claims, brokers need to advise their clients before, during, and after a potential incident. Brokers should advise their clients to look for a cyber insurance provider that can provide continuous education into the evolving cyber risk landscape to help protect them from emerging and evolving threats.

The claim scenarios described here are intended to show the types of situations that may result in claims and are provided for illustrative purposes only. These scenarios should not be compared to any other claim. Whether or to what extent a particular loss is covered depends on the specific facts and circumstances of the loss, the terms and conditions of the policy wording (including policy schedule) as issued and applicable law.

Insurance cover is issued by Coalition Insurance Solutions Pty Ltd (“CIS AU”) (ABN 33 657 140 791, AFSL 539846) under a binding authority given by the insurer, Allianz Australia Insurance Limited (ABN 15 000 122 850, AFSL 234708). This information is of a general nature only and does not take into account any person's particular circumstances. All descriptions of coverage are subject to the terms, conditions, and exclusions of the individual policy. Before making a decision (or advising your client), please refer to the relevant policy wording available here or by contacting your broker. CIS AU may receive compensation from an insurer or other intermediary in connection with the sale of insurance cover. See disclaimers. Copyright © 2024. All rights reserved. Coalition and the Coalition logo are trademarks of Coalition, Inc.