SlideShare a Scribd company logo

Cyber Claims: GDPR and business email compromise drive greater frequencies

Δ
Δρ. Γιώργος K. Κασάπης

Business email compromise (BEC) has overtaken ransomware and data breach by hackers as the main driver of AIG EMEA cyber claims, according to the latest cyber claims statistics. Nearly a quarter of reported incidents in 2018 were due to business email compromise (BEC), up significantly from 11% in 2017. Ransomware, data breach by hackers and data breach due to employee negligence were the other main breach types in 2018.

Internet
1 of 10
Download to read offline
Claims Intelligence Series Cyber Claims: GDPR and business email compromise drive greater frequencies
Business email compromise (BEC) has overtaken ransomware and data breach by hackers as the main driver of AIG EMEA1 cyber claims, according to the latest cyber claims statistics. Nearly a quarter of reported incidents in 2018 were due to business email compromise (BEC), up significantly from 11% in 2017. Ransomware, data breach by hackers and data breach due to employee negligence were the other main breach types in 2018. Business email compromise Ransomware Data breach by hackers Data breach due to employee negligence (e.g. sending data to the wrong person) Impersonation fraud Other virus/malware infections System failure/outage Physical loss or theft of information assets (e.g. stolen laptop) Other* Other cyber extortions (non-ransomware) 23% 18% 14% 14% 8% 6% 5% 5% 4% 3% Fig 1 Cyber Claims received by AIG EMEA (2018) – By reported incident *Denial of Service Attacks, Legal/Regulatory Proceedings based on violations of data privacy regulations At a Glance • Business Email Compromise (BEC) is now the top cause of loss for cyber claims followed by ransomware which is becoming increasingly targeted and disruptive, affecting business interruption costs. All cyber attack impacts are still greatly influenced by human error. • Professional Services is now the sector hardest hit by cyber claims, followed by Financial Services. However, incidents continue to spread among a range of sectors, indicating that no industry is immune to cyberattack. • The long term trend of increasing claims frequency continued in 2018 with around as many claims as the previous two years combined. BEC2 has entered the report this year under a new category given the high number of BEC-related claims received by AIG over the past 12 months. In most cases the compromise can be traced back to a phishing email containing a link or attachment. If the recipient engages with the content of a phishing email it may allow intrusion into the user’s inbox. The majority of users are familiar with the concept of phishing emails but there remains a high number of incidents where the user follows a link directing the recipient to a bogus login screen. As soon as the victim enters their credentials, they are captured by the cyber-criminal who then has the necessary information to login to the victim’s email account. The perpetrator is then able to send and receive emails from the victim’s email address and access all the information in the victim’s email inbox. In many cases the BEC is exacerbated by malware that spreads the scam to contacts in the recipient’s inbox. A relatively simple type of scam, BEC attackers often target individuals responsible for sending payments, using spoof accounts to impersonate the company C-suite or a supplier and requesting money transfers, tax records and/or other sensitive data. 1 Europe, Middle East Africa 2 Previously, such attacks fell within the scope of ‘other security failure/unauthorised access’. Methodology AIG carried out an analysis of more than 1,100 EMEA claims notified under its cyber policies between 2013 and December 2018. The results of this analysis show general insights into this area only. It should be noted that other industries and sectors not highlighted in this report may also experience frequent and severe claims. In 2018, the number of claims notified under AIG’s cyber policies were broadly commensurate with AIG’s premium growth for this product. Page 2 GDPR and business email compromise drive greater frequenciesClaims Intelligence Series
Other attacks focus on the content of the recipient’s inbox, harvesting client and employee information, including personal data. They may also target confidential corporate information, including trade secrets, but most are motivated by monetary gain. “Ultimately what’s behind a lot of these compromises is organised crime,” says Jonathan Ball, partner at Norton Rose Fulbright. “They’re not interested in stealing personal data and selling it on the dark web. It’s pure financial fraud.” BEC attacks are often successful because they use social engineering to create emails that appear legitimate. Even larger organisations may fall for the scams, explains Jose Martinez, vice president of financial lines major loss claims, EMEA, AIG, suggesting more investment is needed to train staff to better identify rogue messages. “We’re still seeing a surprisingly high level of these forms of fraud being perpetrated and some are affecting quite large and sophisticated clients. You may think that every CFO at a large company would know about this by now, but it’s still happening.” For covered BEC and impersonation fraud claims the cyber policy provides for the cost of an IT forensic investigation to determine whether the insured’s system was compromised and identify the compromised data. The policy also covers legal advice on reporting and notification obligations to data subjects and regulators though insurance cover for financial loss due to criminal activity is often restricted. “These incidents are becoming more expensive to investigate,” notes Mark Camillo, head of cyber for EMEA at AIG. “When a malicious actor gains access to the mailbox you have to do a deep dive, understand what information they may have gained access to and whether it has triggered any GDPR requirements.” Although financial services firms were the first buyers of cyber insurance and the largest sector, we saw professional services firms move ahead in 2018 in the number of reported claims. This is also the sector most vulnerable to business email compromise. Year-on-year, the number of claims emanating from professional services firms including law firms and accountants, increased from 18% to 22%. Camillo thinks such firms can be more prone to BEC because of a lack of sophistication when it comes to cyber security. “The criminals are going to go where they can make the most money,” he says. “Because they are so heavily regulated you tend to find that financial services firms have better controls than other sectors, including professional services.” He hypothesises that when the Revised Technical Standard as part of the Payment Services Directive (PSD2) comes into place in September 2019, there may be a decrease in the frequency of BEC attacks. Under the directive, payment services providers will be required to comply with requirements for strong customer authentication (SCA) and third party access to bank accounts, which should make it more difficult for fraudsters to steal and divert funds. Poor password hygiene is a recurring issue for firms targeted by BEC, with cyber-criminals exploiting companies that have not activated their Microsoft Office 365 security functions, where the default settings do not enable all the necessary security features such as multi-factor authentication. This remains a high frequency incident that is reported to AIG’s cyber claims team on almost a daily basis, according to Kathy Avery, financial lines major loss adjuster, AIG. Professional Services Financial Services Business Services Retail / Wholesale Manufacturing Public Entity Non-Profit Communications Media Technology Hospitality Leisure Transportation Logistics Energy Utilities Other Industries /Services Healthcare (Hospitals, Pharmaceuticals) Other* 22% 15% 12% 9% 8% 8% 7% 4% 3% 3% 3% 3% 2% *Food Beverage, Construction, Education Note: Figures may not add up to 100% due to rounding Fig 2 Cyber Claims received by AIG EMEA (2018) – By industry Page 3 GDPR and business email compromise drive greater frequenciesClaims Intelligence Series
“For businesses affected by BEC, it can be very damaging reputationally,” she continues. “There is always a lot of concern from insureds about how they are going to notify their clients. And often they only find out about the compromise because their clients are receiving spoof and phishing emails that appear to be coming from the insured and they have arisen as a result of the compromise.” The security concern around passwords and multifactor authentication is valid, but it remains the case that many simple attacks can be prevented by improving staff awareness of phishing emails and through implementing a clear protocol for dealing with suspect emails. Financial services is now the second sector responsible for the most cyber claim notifications. Having previously commanded the top spot, it is now responsible for 15% of claims in 2018, down from 18% the previous year. However, the percentages do not reflect the whole story. Total claim notifications from financial services customers in fact nearly doubled between 2017 and 2018, showing the sector is still highly targeted in spite of its more sophisticated approach to cyber risk. The same is true for hospitality and leisure. While proportionally down from 5% to 4% year-on-year, real claims numbers again nearly doubled in 2018. “We see a lot of loyalty scheme breaches, with hospitality firms and airlines typically affected,” says Ball. “Many of the hospitality brands are franchises but they share their member data and often anybody at any hotel in the world can access this membership data.” The Human Factor Human errors and behavior continue to be a significant driver of cyber claims. Despite encouragement by many organisations, employees often use weak passwords or the same passwords across multiple applications, for instance. “One household name we insure foiled an attack after they detected a presence in their system,” says Kathy Avery. “They decided they should reset all the passwords and asked all employees to adopt new passwords, but found they could not get rid of the intruder because of this password hygiene issue. So they had to do it a second time using randomly-generated passwords for every user and that, finally, succeeded in shutting down access.” In this year’s claims statistics, claims notifications for employee negligence doubled from seven percent to 14%. Losses are driven by staff sending out emails containing company data to the wrong individuals or losing laptops and other devices. And under GDPR there has been an increase in notifications for such incidents. “We’re seeing issues such as where attachments to emails are not properly checked before they are sent, and, inadvertently, the sender of what he or she believes is a single confidential personal data record being sent to the relevant data subject, ends up sending out a much larger collection of confidential personal data records of other data subjects,” says Jonathan Ball. Another common error involves Excel spreadsheets. “Too many employees don’t understand how Excel works and that, for example, it might be that you can only see certain data on the spreadsheet on your screen, but that’s because you’ve got the filtering button switched on,” says Ball. “And then they send the document out without realising that if the recipient goes to the top line and presses ‘filter off’ another hundred thousand lines of data appear. We recently dealt with quite a big breach incident that occurred in this way for one of the banks.” “You get all sorts of human error still creeping in,” he continues. “People are still clicking on phishing emails all the time, despite training. And one of the things that really exacerbates the cost of dealing with incidents, including increasing the need for and costs of notifications to regulators and data subjects, is the use by employees of company email for private matters, particularly private financial matters.” Page 4 GDPR and business email compromise drive greater frequenciesClaims Intelligence Series
Targeted ransomware on the rise Ransomware, the leading breach type in 2017 when it was responsible for 26% of notifications, has become marginally less prevalent, causing 18% of cyber claims notifications in 2018. However, as predicted in last year’s report, there are a number of instances that show ransomware and extortion type attacks are becoming more targeted, with the attack on Norsk Hydro one of the more high-profile examples. The Norwegian aluminium smelting giant fell victim to a difficult- to-detect strain of ransomware known as “LockerGoga”, through which cyber-criminals gained access to the company’s networks in a targeted attack. The company was forced to halt production at a number of plants across Europe and the US and was forced to switch to manual operations as it attempted to contain the issue, causing widespread business interruption (BI) losses. The decision whether or not to pay a ransomware or extortion demand continues to be influenced by how well an organisation has backed up its data, and the potential business interruption that may ensue. “The impact of ransomware can be very much mitigated if there is good practice with backups,” says Avery. “But time and time again we see there are poor procedures.” Meanwhile, the ransom requests have increased in size. While the initial amounts demanded by WannaCry ransomware attackers were between $300 to $600, in 2018 there have been cases where cyber-criminals have requested tens of thousands to millions of dollars. Meanwhile, the disruption and BI costs associated with such attacks have risen. And in an era of GDPR, there is also the need to establish whether sensitive data has been compromised. “We’ve seen a higher incidence of extortion in 2018 and a bigger expense in enabling systems to get back online,” says Camillo. “Even if you pay a ransom in order to decrypt your files, it is a very laborious process of double checking that the decryption will work, and then isolating your data to make sure you don’t get re-infected and cleaning your files before reinstalling everything. It’s very expensive and it’s very disruptive as well as being a last resort, where allowable by law.” He anticipates that cyber business interruption claims will continue to be significant going forward, as ransomware and extortion attacks become more targeted, and as insureds become more aware of the scope of their cover. “We anticipate an increase in claims on a global level,” says Camillo. “Targeted incidents, such as the attack at Norsk Hydro, could become more of a concern in 2019. The rapid spread of malware or attack of a critical service provider by state- sponsored actors could cause widespread business interruption losses and impact a wide range of industries, potentially also causing significant physical damage.” Page 5 GDPR and business email compromise drive greater frequenciesClaims Intelligence Series
Claims frequency and the GDPR effect There has been a pronounced “GDPR effect” on the overall claims frequency in 2018, with a spike in notifications following implementation of the EU General Data Protection Regulation in May 2018. The provisions of the new rules, including strict breach notification guidelines, is resulting in timely notifications from clients. “There is a very strict time limit, particularly for notifying the regulator, and the effect of that is an increase in initial costs,” says Avery. “Under our policy, we have a 48 or 72-hour period where we pick up the initial costs, and we’re seeing increased claim activity for these early periods as a result of GDPR. In addition, the legal forensic and IT costs have also increased, which can lead to bigger payouts under the policy.” Just under 20% of AIG’s claims received in 2018 included a notification under the GDPR, with the adjusting costs significantly higher in comparison to claims where there was no data breach notification. Claim activity from our First Response hotline has increased by over 50% for claims where data subjects and/or the data authority were notified, with insureds receiving legal advice and assistance in preparing their regulatory notices. “We’re seeing a lot of work for our firm, and obviously increased fees incurred by the insured and/or by the insurer, in managing GDPR issues for breaches that are really quite minor,” says Norton Rose Fulbright’s Jonathan Ball. “The kind of incidents that pre-GDPR an organisation would probably have dealt with themselves without external legal counsel.” Within Europe there is a clear north/south divide when it comes to GDPR data breach notifications, with northern Europe responsible for the vast majority of notifications, suggesting a difference in compliance culture. For example, where in Ireland 48% of the claims reported resulted in notification to a regulator, less than 10% of claims reported in Spain were notified. GDPR may also apply to clients based in jurisdictions outside of Europe. This is borne out by an increase in notifications from the Middle East and Africa region, where there has been more claims activity over the past 12 months. Breaking down AIG’s cyber claims statistics by region, it shows there have been significant increases in notifications coming from Belgium, the Netherlands, Germany, France and Ireland over the past 12 months while claims from Sweden and Greece have also grown. Page 6 GDPR and business email compromise drive greater frequenciesClaims Intelligence Series
2014 2% 2015 7% 2013 0.2% Fig 3 Cyber Claims Received by AIG EMEA (2013-2018) - Volume 2017 28% 2016 18% 2016-17 46% 2018 45% Looking Forward: Move towards affirmative cover The long-term trend of increasing claims frequency has continued in 2018 as it did over the previous five years, reflecting both the growth and maturity of AIG’s cyber book of business as well as the increasing sophistication of buyers and knowledge of the scope of the product. As cyber becomes a growing exposure for many organisations, based on our claims experience, anticipated losses will continue to grow in both frequency and severity across different industries. Camillo notes a continued move towards affirmative coverage by clients keen to ensure that their policies respond as anticipated. “There have been some misperceptions recently in the press about cyber coverage.” “What our claims numbers clearly show is that more people are buying the coverage and the product is responding to our clients’ needs” he continues. “It includes flexible coverage and it is very easy to notify us about an event through the hotline. Clients are showing a preference for affirmative cyber cover, which will indemnify them against a wide range of covered losses, including privacy events, cyber extortion and network business interruption including outsourced service providers and system failure.” Page 7 GDPR and business email compromise drive greater frequenciesClaims Intelligence Series
Manufacturer pays €25,000 ransom after suffering business interruption An attack on the IT systems of the insured took place through a malicious program of the ransomware type known as “Detractor”. Three servers of the infrastructure were affected, which were encrypted, leading to encryption of the folders. The available back-ups, which were on a different server, were deleted (presumably by the cyber-criminals). Therefore, the affected systems could not be restored through the back-ups. Simultaneously, the attackers demanded that the insured pay a ransom in order to decrypt the system. The insured’s operation had ground to a halt as a result of not being able to restore the affected systems. It could not deliver shipments or receive materials and was not able to make payments or to collect accounts receivables. The aim of the ransomware was not to steal information and there had not been a breach of personal information. On Event Day 10 therefore, the insured paid a ransom of €25,000 in BitCoin and was able to restore its operations. AIG covered the cost of the ransom, incident response costs and the extensive network interruption, which included an increased cost of working and cancelled orders. Email account compromised at Financial Services Intermediary The insured, an SME professional services firm, was alerted to a cyber incident after receiving notifications from various clients who had received a suspicious email from an employee of the firm. The email contained various links and attached a PDF invoice requesting payment from the recipients. Upon initial investigation it was determined that the employee’s email account had been compromised and a phishing email containing an attached invoice had been sent to 5,500 email addresses. The insured was proactive in taking corrective action regarding the phishing email, notifying the 720 email contacts of the compromised account, urging them not to click on the attachment PDF. The passwords of both the compromised email account and those belonging to other employees in the firm were changed. AIG recommended the insured notify the ICO as a matter of caution, despite the fact the only identifiable information from the phishing emails was the recipients’ names and places of work. The recommendation to notify was partly driven by the nature of the firm’s business, including sale of cyber insurance products, and reputational considerations. Claims case studies* *The scenarios described herein are offered only as examples. Coverage depends on the actual facts of each case and the terms, conditions and exclusions of each individual policy. Anyone interested in the above product(s) should request a copy of the policy itself for a description of the scope and limitations of coverage. Page 8 GDPR and business email compromise drive greater frequenciesClaims Intelligence Series
Breached network at Middle East-based global energy and logistics firm Late last year the insured suffered a number of brute force attacks on their network infrastructure, which resulted in the cyber- criminals gaining access to their network, most likely via their email cloud host although the specific method of intrusion is still under investigation. The insured’s network comprises roughly 5,000 end point devices and, following discovery, an initial sweep identified approximately 2,900 units that may have been compromised. As a result, all users were forced to change their passwords and, subsequently, two-factor authentication was introduced. The insured engaged with AIG’s service providers under the policy’s First Response 72-hour cover period. Due to government restrictions, the insured was unable to allow their data to be handled outside of the country and therefore IT forensics were initially restricted to providing advice by telephone and email. But AIG was able to provide a local IT forensics team to carry out investigations on site, alongside the insured and their cyber-security advisors. The initial focus was to identify access points and ensure these were closed to the cyber-criminals. As a result of identification of the compromised access points, along with network traffic analysis, it was possible to identify how the attackers had gained access to user accounts. It was also identified that the attackers had potentially gained access to user email accounts and in excess of 2,000 files containing personal data, alongside confidential company data including tenders, project details and financials. Over six months later investigations into a potential compromise to email accounts remains ongoing as does the examination and analysis of compromised data. Costs are still being incurred and to date exceed $300,000. Retailer hit by ransomware and business interruption The insured is an international retailer with over 100 stores and an online presence. Whilst they were undertaking some changes to their IT systems and data storage they suffered what appeared to be a targeted, sophisticated cyber attack which encrypted all their files, including those held in the cloud. The cyber-criminals demanded a ransom for providing a decryption code. AIG immediately appointed forensic IT specialists who were onsite non-stop for long periods, initially working to secure the system and attempting to retrieve unencrypted data. This proved very difficult and was not achievable in a timescale to allow resumption of normal business. The shops were still able to trade using manual tills but the attack left them unable to replenish stock in stores or process online orders, which led to a major business interruption. Although reluctant to engage with the cyber criminals, after a prolonged period of being unable to fully trade the insured decided to pay the ransom demand ($150,000 in Bitcoin). AIG assisted the insured in sourcing Bitcoin. After the ransom was paid the decryption code was provided but all files had to be manually decrypted using the code, a painstaking and costly process in terms of labour, which was paid for by AIG consistent with the terms of the policy. AIG also covered the cost of additional fees to the insured’s various existing software providers for additional support and equipment to facilitate the decryption process. The insured held only £1M of cover, which proved inadequate and the policy limit was paid to the insured when interim business interruption losses exceeded £550,000. IT forensic fees alone exceeded £500,000. On this occasion the IT investigation confirmed that there was no evidence to suggest any personal data was accessed or extracted, and legal advice was given to the effect that notice to the ICO was not required. The terms of the insured’s policy covered the cost of the legal advice IT investigation. Page 9 GDPR and business email compromise drive greater frequenciesClaims Intelligence Series
www.aig.com GBL00003595 0719 This document considers cyber claims in the context of an AIG insurance programme only. Reliance upon, or compliance with, any of the information, suggestions or recommendations contained herein in no way guarantees the fulfilment of your obligations under your insurance policy or as may otherwise be required by any laws, rules or regulations. The purpose of this document is to provide information only and you should not take any action in reliance on the information contained in this document. This document is not a substitute for you undertaking your own investigations and obtaining professional or specialist advice. No warranty, guarantee, or representation, either expressed or implied, is made as to the correctness or sufficiency of any representation contained herein. AIG does not accept any liability if this document is used for an alternative purpose from which it is intended. American International Group, Inc. (AIG) is a leading global insurance organisation. Building on 100 years of experience, today AIG member companies provide a wide range of property casualty insurance, life insurance, retirement products, and other financial services to customers in more than 80 countries and jurisdictions. These diverse offerings include products and services that help businesses and individuals protect their assets, manage risks and provide for retirement security. AIG common stock is listed on the New York Stock Exchange. Additional information about AIG can be found at www.aig.com and www.aig.com/strategyupdate | YouTube: www.youtube.com/aig | Twitter: @AIGinsurance | LinkedIn: www.linkedin.com/company/aig. AIG is the marketing name for the worldwide property-casualty, life and retirement, and general insurance operations of American International Group, Inc. For additional information, please visit our website at www.aig.com. All products and services are written or provided by subsidiaries or affiliates of American International Group, Inc. Products or services may not be available in all countries, and coverage is subject to actual policy language. Non-insurance products and services may be provided by independent third parties. American International Group UK Limited is registered in England: company number 10737370. Registered address: The AIG Building, 58 Fenchurch Street, London EC3M 4AB. American International Group UK Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and Prudential Regulation Authority (FRN number 781109). This information can be checked by visiting the FS Register (www.fca.org.uk/register). Mark Camillo Head of Cyber EMEA Tel: T +44 (0)20 7651 6304 mark.camillo@aig.com Kathy Avery Financial Lines Major Loss Adjuster Tel +44 (0)20 7063 5423 kathy.avery@aig.com José Martinez VP, Financial Lines Major Loss Claims, EMEA Tel: +34 91 5677 431 jose.martinez@aig.com CLAIMS FIRST

Recommended

Weak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your AssetsWeak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your Assets
OilPriceInformationService
 
Cyber Defense For SMB's
Cyber Defense For SMB'sCyber Defense For SMB's
Cyber Defense For SMB's
Guise Bule
 
Application security meetup data privacy_27052021
Application security meetup data privacy_27052021Application security meetup data privacy_27052021
Application security meetup data privacy_27052021
lior mazor
 
Cyber Risk for Construction Industry
Cyber Risk for Construction Industry Cyber Risk for Construction Industry
Cyber Risk for Construction Industry
BrianHuntMSFCPACRISC
 
Cyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
Cyber Insurance, A Novel of 2017, Q1. By Statewide InsuranceCyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
Cyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
Statewide Insurance Brokers
 
Solving the Encryption Conundrum in Financial Services
Solving the Encryption Conundrum in Financial ServicesSolving the Encryption Conundrum in Financial Services
Solving the Encryption Conundrum in Financial Services
Echoworx
 
State of Cyber Crime Safety and Security in Banking
State of Cyber Crime Safety and Security in BankingState of Cyber Crime Safety and Security in Banking
State of Cyber Crime Safety and Security in Banking
IJSRED
 
Richmond reprint 20151106
Richmond reprint 20151106Richmond reprint 20151106
Richmond reprint 20151106
Ted Richmond
 

Recommended

Weak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your AssetsWeak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your Assets
OilPriceInformationService
 
Cyber Defense For SMB's
Cyber Defense For SMB'sCyber Defense For SMB's
Cyber Defense For SMB's
Guise Bule
 
Application security meetup data privacy_27052021
Application security meetup data privacy_27052021Application security meetup data privacy_27052021
Application security meetup data privacy_27052021
lior mazor
 
Cyber Risk for Construction Industry
Cyber Risk for Construction Industry Cyber Risk for Construction Industry
Cyber Risk for Construction Industry
BrianHuntMSFCPACRISC
 
Cyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
Cyber Insurance, A Novel of 2017, Q1. By Statewide InsuranceCyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
Cyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
Statewide Insurance Brokers
 
Solving the Encryption Conundrum in Financial Services
Solving the Encryption Conundrum in Financial ServicesSolving the Encryption Conundrum in Financial Services
Solving the Encryption Conundrum in Financial Services
Echoworx
 
State of Cyber Crime Safety and Security in Banking
State of Cyber Crime Safety and Security in BankingState of Cyber Crime Safety and Security in Banking
State of Cyber Crime Safety and Security in Banking
IJSRED
 
Richmond reprint 20151106
Richmond reprint 20151106Richmond reprint 20151106
Richmond reprint 20151106
Ted Richmond
 
cybersecurity-250
cybersecurity-250cybersecurity-250
cybersecurity-250
Chris Crowe
 
KPMG Publish and Be Damned Cyber Vulnerability Index 2012
KPMG Publish and Be Damned Cyber Vulnerability Index 2012KPMG Publish and Be Damned Cyber Vulnerability Index 2012
KPMG Publish and Be Damned Cyber Vulnerability Index 2012
Charmaine Servado
 
UK Cyber Vulnerability Index 2013
UK Cyber Vulnerability Index 2013UK Cyber Vulnerability Index 2013
UK Cyber Vulnerability Index 2013
Martin Jordan
 
Whitepaper 2015 industry_drilldown_finance_en
Whitepaper 2015 industry_drilldown_finance_enWhitepaper 2015 industry_drilldown_finance_en
Whitepaper 2015 industry_drilldown_finance_en
Bankir_Ru
 
Latin america cyber security market,symantec market share internet security,m...
Latin america cyber security market,symantec market share internet security,m...Latin america cyber security market,symantec market share internet security,m...
Latin america cyber security market,symantec market share internet security,m...
Ashish Chauhan
 
Critical Update Needed: Cybersecurity Expertise in the Boardroom
Critical Update Needed: Cybersecurity Expertise in the BoardroomCritical Update Needed: Cybersecurity Expertise in the Boardroom
Critical Update Needed: Cybersecurity Expertise in the Boardroom
Stanford GSB Corporate Governance Research Initiative
 
BLURRING BOUNDARIES
BLURRING BOUNDARIESBLURRING BOUNDARIES
BLURRING BOUNDARIES
- Mark - Fullbright
 
Keep your office secure
Keep your office secureKeep your office secure
Keep your office secure
Konica Minolta
 
IC3 2019 Internet Crime Report
IC3 2019 Internet Crime ReportIC3 2019 Internet Crime Report
IC3 2019 Internet Crime Report
- Mark - Fullbright
 
Cyber Review_April 2015
Cyber Review_April 2015Cyber Review_April 2015
Cyber Review_April 2015
James Sheehan
 
Safeguarding PeopleSoft Against Direct Deposit Theft
Safeguarding PeopleSoft Against Direct Deposit TheftSafeguarding PeopleSoft Against Direct Deposit Theft
Safeguarding PeopleSoft Against Direct Deposit Theft
Appsian
 
ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019
- Mark - Fullbright
 
Cyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise ChapterCyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise Chapter
Patricia M Watson
 
The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017
Insights success media and technology pvt ltd
 
Sept 2012 data security & cyber liability
Sept 2012 data security & cyber liabilitySept 2012 data security & cyber liability
Sept 2012 data security & cyber liability
DFickett
 
Fraudsters Hackers & Thieves!
Fraudsters Hackers & Thieves!Fraudsters Hackers & Thieves!
Fraudsters Hackers & Thieves!
Echoworx
 
FRISS_Insurance fraud report 2020
FRISS_Insurance fraud report 2020 FRISS_Insurance fraud report 2020
FRISS_Insurance fraud report 2020
FinTech Belgium
 
Cyber risks and liabilities newsletter jan feb 2017
Cyber risks and liabilities newsletter jan feb 2017Cyber risks and liabilities newsletter jan feb 2017
Cyber risks and liabilities newsletter jan feb 2017
Kieren Windsor
 
Cyber Facts and Prevention Presentation Gianino
Cyber Facts and Prevention Presentation GianinoCyber Facts and Prevention Presentation Gianino
Cyber Facts and Prevention Presentation Gianino
-Gianino Gino Prieto -Dynamic Connector -Insurance Strategist
 
White Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdfWhite Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdf
Brafton
 
Aon Cyber Newsletter v10
Aon Cyber Newsletter v10Aon Cyber Newsletter v10
Aon Cyber Newsletter v10
Graeme Cross
 
Eamonn O Raghallaigh Major Security Issues In E Commerce
Eamonn O Raghallaigh Major Security Issues In E CommerceEamonn O Raghallaigh Major Security Issues In E Commerce
Eamonn O Raghallaigh Major Security Issues In E Commerce
EamonnORagh
 

More Related Content

What's hot

cybersecurity-250
cybersecurity-250cybersecurity-250
cybersecurity-250
Chris Crowe
 
KPMG Publish and Be Damned Cyber Vulnerability Index 2012
KPMG Publish and Be Damned Cyber Vulnerability Index 2012KPMG Publish and Be Damned Cyber Vulnerability Index 2012
KPMG Publish and Be Damned Cyber Vulnerability Index 2012
Charmaine Servado
 
Critical Update Needed: Cybersecurity Expertise in the Boardroom
Critical Update Needed: Cybersecurity Expertise in the BoardroomCritical Update Needed: Cybersecurity Expertise in the Boardroom
Critical Update Needed: Cybersecurity Expertise in the Boardroom
Stanford GSB Corporate Governance Research Initiative
 
Cyber Review_April 2015
Cyber Review_April 2015Cyber Review_April 2015
Cyber Review_April 2015
James Sheehan
 
Cyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise ChapterCyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise Chapter
Patricia M Watson
 
Sept 2012 data security & cyber liability
Sept 2012 data security & cyber liabilitySept 2012 data security & cyber liability
Sept 2012 data security & cyber liability
DFickett
 

What's hot (19)

cybersecurity-250
cybersecurity-250cybersecurity-250
cybersecurity-250
 
KPMG Publish and Be Damned Cyber Vulnerability Index 2012
KPMG Publish and Be Damned Cyber Vulnerability Index 2012KPMG Publish and Be Damned Cyber Vulnerability Index 2012
KPMG Publish and Be Damned Cyber Vulnerability Index 2012
 
UK Cyber Vulnerability Index 2013
UK Cyber Vulnerability Index 2013UK Cyber Vulnerability Index 2013
UK Cyber Vulnerability Index 2013
 
Whitepaper 2015 industry_drilldown_finance_en
Whitepaper 2015 industry_drilldown_finance_enWhitepaper 2015 industry_drilldown_finance_en
Whitepaper 2015 industry_drilldown_finance_en
 
Latin america cyber security market,symantec market share internet security,m...
Latin america cyber security market,symantec market share internet security,m...Latin america cyber security market,symantec market share internet security,m...
Latin america cyber security market,symantec market share internet security,m...
 
Critical Update Needed: Cybersecurity Expertise in the Boardroom
Critical Update Needed: Cybersecurity Expertise in the BoardroomCritical Update Needed: Cybersecurity Expertise in the Boardroom
Critical Update Needed: Cybersecurity Expertise in the Boardroom
 
BLURRING BOUNDARIES
BLURRING BOUNDARIESBLURRING BOUNDARIES
BLURRING BOUNDARIES
 
Keep your office secure
Keep your office secureKeep your office secure
Keep your office secure
 
IC3 2019 Internet Crime Report
IC3 2019 Internet Crime ReportIC3 2019 Internet Crime Report
IC3 2019 Internet Crime Report
 
Cyber Review_April 2015
Cyber Review_April 2015Cyber Review_April 2015
Cyber Review_April 2015
 
Safeguarding PeopleSoft Against Direct Deposit Theft
Safeguarding PeopleSoft Against Direct Deposit TheftSafeguarding PeopleSoft Against Direct Deposit Theft
Safeguarding PeopleSoft Against Direct Deposit Theft
 
ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019
 
Cyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise ChapterCyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise Chapter
 
The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017
 
Sept 2012 data security & cyber liability
Sept 2012 data security & cyber liabilitySept 2012 data security & cyber liability
Sept 2012 data security & cyber liability
 
Fraudsters Hackers & Thieves!
Fraudsters Hackers & Thieves!Fraudsters Hackers & Thieves!
Fraudsters Hackers & Thieves!
 
FRISS_Insurance fraud report 2020
FRISS_Insurance fraud report 2020 FRISS_Insurance fraud report 2020
FRISS_Insurance fraud report 2020
 
Cyber risks and liabilities newsletter jan feb 2017
Cyber risks and liabilities newsletter jan feb 2017Cyber risks and liabilities newsletter jan feb 2017
Cyber risks and liabilities newsletter jan feb 2017
 
Cyber Facts and Prevention Presentation Gianino
Cyber Facts and Prevention Presentation GianinoCyber Facts and Prevention Presentation Gianino
Cyber Facts and Prevention Presentation Gianino
 

Similar to Cyber Claims: GDPR and business email compromise drive greater frequencies

Current Ransomware Trends, Ransomware Attack Survey 2022 (Colin Wright at Hor...
Current Ransomware Trends, Ransomware Attack Survey 2022 (Colin Wright at Hor...Current Ransomware Trends, Ransomware Attack Survey 2022 (Colin Wright at Hor...
Current Ransomware Trends, Ransomware Attack Survey 2022 (Colin Wright at Hor...
Executive Leaders Network
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economy
Mark Albala
 
George Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler SeminarGeorge Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler Seminar
Don Grauel
 
Running head HOW TO AVOID INTERNET SCAMS AT THE WORKPLACE 1 .docx
Running head HOW TO AVOID INTERNET SCAMS AT THE WORKPLACE 1 .docxRunning head HOW TO AVOID INTERNET SCAMS AT THE WORKPLACE 1 .docx
Running head HOW TO AVOID INTERNET SCAMS AT THE WORKPLACE 1 .docx
wlynn1
 
The digital economy and cybersecurity
The digital economy and cybersecurityThe digital economy and cybersecurity
The digital economy and cybersecurity
Mark Albala
 

Similar to Cyber Claims: GDPR and business email compromise drive greater frequencies (20)

White Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdfWhite Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdf
 
Aon Cyber Newsletter v10
Aon Cyber Newsletter v10Aon Cyber Newsletter v10
Aon Cyber Newsletter v10
 
Eamonn O Raghallaigh Major Security Issues In E Commerce
Eamonn O Raghallaigh Major Security Issues In E CommerceEamonn O Raghallaigh Major Security Issues In E Commerce
Eamonn O Raghallaigh Major Security Issues In E Commerce
 
Current Ransomware Trends, Ransomware Attack Survey 2022 (Colin Wright at Hor...
Current Ransomware Trends, Ransomware Attack Survey 2022 (Colin Wright at Hor...Current Ransomware Trends, Ransomware Attack Survey 2022 (Colin Wright at Hor...
Current Ransomware Trends, Ransomware Attack Survey 2022 (Colin Wright at Hor...
 
Article global it systems are now even more vulnerable - paul wright
Article global it systems are now even more vulnerable - paul wrightArticle global it systems are now even more vulnerable - paul wright
Article global it systems are now even more vulnerable - paul wright
 
The Protected Harbor 2022 Legal Services Data Breach Trend Report (2).pdf
The Protected Harbor 2022 Legal Services Data Breach Trend Report (2).pdfThe Protected Harbor 2022 Legal Services Data Breach Trend Report (2).pdf
The Protected Harbor 2022 Legal Services Data Breach Trend Report (2).pdf
 
Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?
 
5 Security Trends to Watch in 2020
5 Security Trends to Watch in 20205 Security Trends to Watch in 2020
5 Security Trends to Watch in 2020
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economy
 
George Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler SeminarGeorge Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler Seminar
 
Adam Bulava GCC 2019
Adam Bulava GCC 2019Adam Bulava GCC 2019
Adam Bulava GCC 2019
 
2019 06-05-dalakova-kateryna-mkm-mmt-pov-assignment (1)
2019 06-05-dalakova-kateryna-mkm-mmt-pov-assignment (1)2019 06-05-dalakova-kateryna-mkm-mmt-pov-assignment (1)
2019 06-05-dalakova-kateryna-mkm-mmt-pov-assignment (1)
 
7 top tips to protect your business from BEC [infographic] By Stellarise
7 top tips to protect your business from BEC [infographic] By Stellarise7 top tips to protect your business from BEC [infographic] By Stellarise
7 top tips to protect your business from BEC [infographic] By Stellarise
 
The Digital Identity Network -- A Holistic Approach to Managing Risk in a Glo...
The Digital Identity Network -- A Holistic Approach to Managing Risk in a Glo...The Digital Identity Network -- A Holistic Approach to Managing Risk in a Glo...
The Digital Identity Network -- A Holistic Approach to Managing Risk in a Glo...
 
IE_ERS_CyberAnalysisReport
IE_ERS_CyberAnalysisReportIE_ERS_CyberAnalysisReport
IE_ERS_CyberAnalysisReport
 
Running head HOW TO AVOID INTERNET SCAMS AT THE WORKPLACE 1 .docx
Running head HOW TO AVOID INTERNET SCAMS AT THE WORKPLACE 1 .docxRunning head HOW TO AVOID INTERNET SCAMS AT THE WORKPLACE 1 .docx
Running head HOW TO AVOID INTERNET SCAMS AT THE WORKPLACE 1 .docx
 
As telcos go digital, cybersecurity risks intensify by pwc
As telcos go digital, cybersecurity risks intensify by pwcAs telcos go digital, cybersecurity risks intensify by pwc
As telcos go digital, cybersecurity risks intensify by pwc
 
IBM Security Services
IBM Security ServicesIBM Security Services
IBM Security Services
 
The digital economy and cybersecurity
The digital economy and cybersecurityThe digital economy and cybersecurity
The digital economy and cybersecurity
 
Cybersecurity Challenges in Retail 2020: How to Prevent Retail Theft
Cybersecurity Challenges in Retail 2020: How to Prevent Retail TheftCybersecurity Challenges in Retail 2020: How to Prevent Retail Theft
Cybersecurity Challenges in Retail 2020: How to Prevent Retail Theft
 

More from Δρ. Γιώργος K. Κασάπης

The economics of climate change: no action not an option
The economics of climate change: no action not an optionThe economics of climate change: no action not an option
The economics of climate change: no action not an option
Δρ. Γιώργος K. Κασάπης
 
Promise and peril: How artificial intelligence is transforming health care
Promise and peril: How artificial intelligence is transforming health carePromise and peril: How artificial intelligence is transforming health care
Promise and peril: How artificial intelligence is transforming health care
Δρ. Γιώργος K. Κασάπης
 
Amnesty International: Death sentences and executions 2020
Amnesty International: Death sentences and executions 2020 Amnesty International: Death sentences and executions 2020
Amnesty International: Death sentences and executions 2020
Δρ. Γιώργος K. Κασάπης
 
Aviva: How we live
Aviva: How we liveAviva: How we live
Aviva: How we live
Δρ. Γιώργος K. Κασάπης
 
Policyholder behavior to close the protection gap
Policyholder behavior to close the protection gap Policyholder behavior to close the protection gap
Policyholder behavior to close the protection gap
Δρ. Γιώργος K. Κασάπης
 
Regulatory Considerations for Digital Insurance Business Models
Regulatory Considerations for Digital Insurance Business ModelsRegulatory Considerations for Digital Insurance Business Models
Regulatory Considerations for Digital Insurance Business Models
Δρ. Γιώργος K. Κασάπης
 
2020 IIS global concerns report
2020 IIS global concerns report2020 IIS global concerns report
2020 IIS global concerns report
Δρ. Γιώργος K. Κασάπης
 
/freedom in thw World 2020
/freedom in thw World 2020/freedom in thw World 2020
/freedom in thw World 2020
Δρ. Γιώργος K. Κασάπης
 
What happened to jobs at high risk of automation?
What happened to jobs at high risk of automation?What happened to jobs at high risk of automation?
What happened to jobs at high risk of automation?
Δρ. Γιώργος K. Κασάπης
 
Helping people stay in their homes tied to fewer Covid-19 cases
Helping people stay in their homes tied to fewer Covid-19 casesHelping people stay in their homes tied to fewer Covid-19 cases
Helping people stay in their homes tied to fewer Covid-19 cases
Δρ. Γιώργος K. Κασάπης
 

More from Δρ. Γιώργος K. Κασάπης (20)

The economics of climate change: no action not an option
The economics of climate change: no action not an optionThe economics of climate change: no action not an option
The economics of climate change: no action not an option
 
Promise and peril: How artificial intelligence is transforming health care
Promise and peril: How artificial intelligence is transforming health carePromise and peril: How artificial intelligence is transforming health care
Promise and peril: How artificial intelligence is transforming health care
 
Amnesty International: Death sentences and executions 2020
Amnesty International: Death sentences and executions 2020 Amnesty International: Death sentences and executions 2020
Amnesty International: Death sentences and executions 2020
 
Aviva: How we live
Aviva: How we liveAviva: How we live
Aviva: How we live
 
Policyholder behavior to close the protection gap
Policyholder behavior to close the protection gap Policyholder behavior to close the protection gap
Policyholder behavior to close the protection gap
 
Regulatory Considerations for Digital Insurance Business Models
Regulatory Considerations for Digital Insurance Business ModelsRegulatory Considerations for Digital Insurance Business Models
Regulatory Considerations for Digital Insurance Business Models
 
Interner of Things Iinsurance gateway
Interner of Things Iinsurance gateway Interner of Things Iinsurance gateway
Interner of Things Iinsurance gateway
 
Transpareny international 2021 report: paying for views
Transpareny international 2021 report: paying for views Transpareny international 2021 report: paying for views
Transpareny international 2021 report: paying for views
 
2020 IIS global concerns report
2020 IIS global concerns report2020 IIS global concerns report
2020 IIS global concerns report
 
What North America’s top finance executives are thinking - and doing
What North America’s top finance executives are thinking - and doingWhat North America’s top finance executives are thinking - and doing
What North America’s top finance executives are thinking - and doing
 
/freedom in thw World 2020
/freedom in thw World 2020/freedom in thw World 2020
/freedom in thw World 2020
 
Women, Business and the Law 2021
Women, Business and the Law 2021Women, Business and the Law 2021
Women, Business and the Law 2021
 
Oecd Competition Trends 2020
Oecd Competition Trends 2020Oecd Competition Trends 2020
Oecd Competition Trends 2020
 
Long-erm Care and Health Care Insurance in OECD and Other Countries
Long-erm Care and Health Care Insurance in OECD and Other CountriesLong-erm Care and Health Care Insurance in OECD and Other Countries
Long-erm Care and Health Care Insurance in OECD and Other Countries
 
Global insurance market trends 2020
Global insurance market trends 2020Global insurance market trends 2020
Global insurance market trends 2020
 
OECD: Artificial Intelligence's impact on the labour market
OECD: Artificial Intelligence's impact on the labour marketOECD: Artificial Intelligence's impact on the labour market
OECD: Artificial Intelligence's impact on the labour market
 
What happened to jobs at high risk of automation?
What happened to jobs at high risk of automation?What happened to jobs at high risk of automation?
What happened to jobs at high risk of automation?
 
Prescription drug prices in U.S. more than 2.5 times higher than in other cou...
Prescription drug prices in U.S. more than 2.5 times higher than in other cou...Prescription drug prices in U.S. more than 2.5 times higher than in other cou...
Prescription drug prices in U.S. more than 2.5 times higher than in other cou...
 
‘A circular nightmare’: Short-staffed nursing homes spark Covid-19 outbreaks,...
‘A circular nightmare’: Short-staffed nursing homes spark Covid-19 outbreaks,...‘A circular nightmare’: Short-staffed nursing homes spark Covid-19 outbreaks,...
‘A circular nightmare’: Short-staffed nursing homes spark Covid-19 outbreaks,...
 
Helping people stay in their homes tied to fewer Covid-19 cases
Helping people stay in their homes tied to fewer Covid-19 casesHelping people stay in their homes tied to fewer Covid-19 cases
Helping people stay in their homes tied to fewer Covid-19 cases
 

Recently uploaded

All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
ruhi
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
Neha Pandey
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
kojalkojal131
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
JOHNBEBONYAP1
 
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
@Chandigarh #call #Girls 9053900678 @Call #Girls in @Punjab 9053900678
 
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
SUHANI PANDEY
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
Delhi Call girls
 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
@Chandigarh #call #Girls 9053900678 @Call #Girls in @Punjab 9053900678
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
tanu pandey
 
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
tanu pandey
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
SUHANI PANDEY
 

Recently uploaded (20)

All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
 
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
 
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 

Cyber Claims: GDPR and business email compromise drive greater frequencies

  • 1. Claims Intelligence Series Cyber Claims: GDPR and business email compromise drive greater frequencies
  • 2. Business email compromise (BEC) has overtaken ransomware and data breach by hackers as the main driver of AIG EMEA1 cyber claims, according to the latest cyber claims statistics. Nearly a quarter of reported incidents in 2018 were due to business email compromise (BEC), up significantly from 11% in 2017. Ransomware, data breach by hackers and data breach due to employee negligence were the other main breach types in 2018. Business email compromise Ransomware Data breach by hackers Data breach due to employee negligence (e.g. sending data to the wrong person) Impersonation fraud Other virus/malware infections System failure/outage Physical loss or theft of information assets (e.g. stolen laptop) Other* Other cyber extortions (non-ransomware) 23% 18% 14% 14% 8% 6% 5% 5% 4% 3% Fig 1 Cyber Claims received by AIG EMEA (2018) – By reported incident *Denial of Service Attacks, Legal/Regulatory Proceedings based on violations of data privacy regulations At a Glance • Business Email Compromise (BEC) is now the top cause of loss for cyber claims followed by ransomware which is becoming increasingly targeted and disruptive, affecting business interruption costs. All cyber attack impacts are still greatly influenced by human error. • Professional Services is now the sector hardest hit by cyber claims, followed by Financial Services. However, incidents continue to spread among a range of sectors, indicating that no industry is immune to cyberattack. • The long term trend of increasing claims frequency continued in 2018 with around as many claims as the previous two years combined. BEC2 has entered the report this year under a new category given the high number of BEC-related claims received by AIG over the past 12 months. In most cases the compromise can be traced back to a phishing email containing a link or attachment. If the recipient engages with the content of a phishing email it may allow intrusion into the user’s inbox. The majority of users are familiar with the concept of phishing emails but there remains a high number of incidents where the user follows a link directing the recipient to a bogus login screen. As soon as the victim enters their credentials, they are captured by the cyber-criminal who then has the necessary information to login to the victim’s email account. The perpetrator is then able to send and receive emails from the victim’s email address and access all the information in the victim’s email inbox. In many cases the BEC is exacerbated by malware that spreads the scam to contacts in the recipient’s inbox. A relatively simple type of scam, BEC attackers often target individuals responsible for sending payments, using spoof accounts to impersonate the company C-suite or a supplier and requesting money transfers, tax records and/or other sensitive data. 1 Europe, Middle East Africa 2 Previously, such attacks fell within the scope of ‘other security failure/unauthorised access’. Methodology AIG carried out an analysis of more than 1,100 EMEA claims notified under its cyber policies between 2013 and December 2018. The results of this analysis show general insights into this area only. It should be noted that other industries and sectors not highlighted in this report may also experience frequent and severe claims. In 2018, the number of claims notified under AIG’s cyber policies were broadly commensurate with AIG’s premium growth for this product. Page 2 GDPR and business email compromise drive greater frequenciesClaims Intelligence Series
  • 3. Other attacks focus on the content of the recipient’s inbox, harvesting client and employee information, including personal data. They may also target confidential corporate information, including trade secrets, but most are motivated by monetary gain. “Ultimately what’s behind a lot of these compromises is organised crime,” says Jonathan Ball, partner at Norton Rose Fulbright. “They’re not interested in stealing personal data and selling it on the dark web. It’s pure financial fraud.” BEC attacks are often successful because they use social engineering to create emails that appear legitimate. Even larger organisations may fall for the scams, explains Jose Martinez, vice president of financial lines major loss claims, EMEA, AIG, suggesting more investment is needed to train staff to better identify rogue messages. “We’re still seeing a surprisingly high level of these forms of fraud being perpetrated and some are affecting quite large and sophisticated clients. You may think that every CFO at a large company would know about this by now, but it’s still happening.” For covered BEC and impersonation fraud claims the cyber policy provides for the cost of an IT forensic investigation to determine whether the insured’s system was compromised and identify the compromised data. The policy also covers legal advice on reporting and notification obligations to data subjects and regulators though insurance cover for financial loss due to criminal activity is often restricted. “These incidents are becoming more expensive to investigate,” notes Mark Camillo, head of cyber for EMEA at AIG. “When a malicious actor gains access to the mailbox you have to do a deep dive, understand what information they may have gained access to and whether it has triggered any GDPR requirements.” Although financial services firms were the first buyers of cyber insurance and the largest sector, we saw professional services firms move ahead in 2018 in the number of reported claims. This is also the sector most vulnerable to business email compromise. Year-on-year, the number of claims emanating from professional services firms including law firms and accountants, increased from 18% to 22%. Camillo thinks such firms can be more prone to BEC because of a lack of sophistication when it comes to cyber security. “The criminals are going to go where they can make the most money,” he says. “Because they are so heavily regulated you tend to find that financial services firms have better controls than other sectors, including professional services.” He hypothesises that when the Revised Technical Standard as part of the Payment Services Directive (PSD2) comes into place in September 2019, there may be a decrease in the frequency of BEC attacks. Under the directive, payment services providers will be required to comply with requirements for strong customer authentication (SCA) and third party access to bank accounts, which should make it more difficult for fraudsters to steal and divert funds. Poor password hygiene is a recurring issue for firms targeted by BEC, with cyber-criminals exploiting companies that have not activated their Microsoft Office 365 security functions, where the default settings do not enable all the necessary security features such as multi-factor authentication. This remains a high frequency incident that is reported to AIG’s cyber claims team on almost a daily basis, according to Kathy Avery, financial lines major loss adjuster, AIG. Professional Services Financial Services Business Services Retail / Wholesale Manufacturing Public Entity Non-Profit Communications Media Technology Hospitality Leisure Transportation Logistics Energy Utilities Other Industries /Services Healthcare (Hospitals, Pharmaceuticals) Other* 22% 15% 12% 9% 8% 8% 7% 4% 3% 3% 3% 3% 2% *Food Beverage, Construction, Education Note: Figures may not add up to 100% due to rounding Fig 2 Cyber Claims received by AIG EMEA (2018) – By industry Page 3 GDPR and business email compromise drive greater frequenciesClaims Intelligence Series
  • 4. “For businesses affected by BEC, it can be very damaging reputationally,” she continues. “There is always a lot of concern from insureds about how they are going to notify their clients. And often they only find out about the compromise because their clients are receiving spoof and phishing emails that appear to be coming from the insured and they have arisen as a result of the compromise.” The security concern around passwords and multifactor authentication is valid, but it remains the case that many simple attacks can be prevented by improving staff awareness of phishing emails and through implementing a clear protocol for dealing with suspect emails. Financial services is now the second sector responsible for the most cyber claim notifications. Having previously commanded the top spot, it is now responsible for 15% of claims in 2018, down from 18% the previous year. However, the percentages do not reflect the whole story. Total claim notifications from financial services customers in fact nearly doubled between 2017 and 2018, showing the sector is still highly targeted in spite of its more sophisticated approach to cyber risk. The same is true for hospitality and leisure. While proportionally down from 5% to 4% year-on-year, real claims numbers again nearly doubled in 2018. “We see a lot of loyalty scheme breaches, with hospitality firms and airlines typically affected,” says Ball. “Many of the hospitality brands are franchises but they share their member data and often anybody at any hotel in the world can access this membership data.” The Human Factor Human errors and behavior continue to be a significant driver of cyber claims. Despite encouragement by many organisations, employees often use weak passwords or the same passwords across multiple applications, for instance. “One household name we insure foiled an attack after they detected a presence in their system,” says Kathy Avery. “They decided they should reset all the passwords and asked all employees to adopt new passwords, but found they could not get rid of the intruder because of this password hygiene issue. So they had to do it a second time using randomly-generated passwords for every user and that, finally, succeeded in shutting down access.” In this year’s claims statistics, claims notifications for employee negligence doubled from seven percent to 14%. Losses are driven by staff sending out emails containing company data to the wrong individuals or losing laptops and other devices. And under GDPR there has been an increase in notifications for such incidents. “We’re seeing issues such as where attachments to emails are not properly checked before they are sent, and, inadvertently, the sender of what he or she believes is a single confidential personal data record being sent to the relevant data subject, ends up sending out a much larger collection of confidential personal data records of other data subjects,” says Jonathan Ball. Another common error involves Excel spreadsheets. “Too many employees don’t understand how Excel works and that, for example, it might be that you can only see certain data on the spreadsheet on your screen, but that’s because you’ve got the filtering button switched on,” says Ball. “And then they send the document out without realising that if the recipient goes to the top line and presses ‘filter off’ another hundred thousand lines of data appear. We recently dealt with quite a big breach incident that occurred in this way for one of the banks.” “You get all sorts of human error still creeping in,” he continues. “People are still clicking on phishing emails all the time, despite training. And one of the things that really exacerbates the cost of dealing with incidents, including increasing the need for and costs of notifications to regulators and data subjects, is the use by employees of company email for private matters, particularly private financial matters.” Page 4 GDPR and business email compromise drive greater frequenciesClaims Intelligence Series
  • 5. Targeted ransomware on the rise Ransomware, the leading breach type in 2017 when it was responsible for 26% of notifications, has become marginally less prevalent, causing 18% of cyber claims notifications in 2018. However, as predicted in last year’s report, there are a number of instances that show ransomware and extortion type attacks are becoming more targeted, with the attack on Norsk Hydro one of the more high-profile examples. The Norwegian aluminium smelting giant fell victim to a difficult- to-detect strain of ransomware known as “LockerGoga”, through which cyber-criminals gained access to the company’s networks in a targeted attack. The company was forced to halt production at a number of plants across Europe and the US and was forced to switch to manual operations as it attempted to contain the issue, causing widespread business interruption (BI) losses. The decision whether or not to pay a ransomware or extortion demand continues to be influenced by how well an organisation has backed up its data, and the potential business interruption that may ensue. “The impact of ransomware can be very much mitigated if there is good practice with backups,” says Avery. “But time and time again we see there are poor procedures.” Meanwhile, the ransom requests have increased in size. While the initial amounts demanded by WannaCry ransomware attackers were between $300 to $600, in 2018 there have been cases where cyber-criminals have requested tens of thousands to millions of dollars. Meanwhile, the disruption and BI costs associated with such attacks have risen. And in an era of GDPR, there is also the need to establish whether sensitive data has been compromised. “We’ve seen a higher incidence of extortion in 2018 and a bigger expense in enabling systems to get back online,” says Camillo. “Even if you pay a ransom in order to decrypt your files, it is a very laborious process of double checking that the decryption will work, and then isolating your data to make sure you don’t get re-infected and cleaning your files before reinstalling everything. It’s very expensive and it’s very disruptive as well as being a last resort, where allowable by law.” He anticipates that cyber business interruption claims will continue to be significant going forward, as ransomware and extortion attacks become more targeted, and as insureds become more aware of the scope of their cover. “We anticipate an increase in claims on a global level,” says Camillo. “Targeted incidents, such as the attack at Norsk Hydro, could become more of a concern in 2019. The rapid spread of malware or attack of a critical service provider by state- sponsored actors could cause widespread business interruption losses and impact a wide range of industries, potentially also causing significant physical damage.” Page 5 GDPR and business email compromise drive greater frequenciesClaims Intelligence Series
  • 6. Claims frequency and the GDPR effect There has been a pronounced “GDPR effect” on the overall claims frequency in 2018, with a spike in notifications following implementation of the EU General Data Protection Regulation in May 2018. The provisions of the new rules, including strict breach notification guidelines, is resulting in timely notifications from clients. “There is a very strict time limit, particularly for notifying the regulator, and the effect of that is an increase in initial costs,” says Avery. “Under our policy, we have a 48 or 72-hour period where we pick up the initial costs, and we’re seeing increased claim activity for these early periods as a result of GDPR. In addition, the legal forensic and IT costs have also increased, which can lead to bigger payouts under the policy.” Just under 20% of AIG’s claims received in 2018 included a notification under the GDPR, with the adjusting costs significantly higher in comparison to claims where there was no data breach notification. Claim activity from our First Response hotline has increased by over 50% for claims where data subjects and/or the data authority were notified, with insureds receiving legal advice and assistance in preparing their regulatory notices. “We’re seeing a lot of work for our firm, and obviously increased fees incurred by the insured and/or by the insurer, in managing GDPR issues for breaches that are really quite minor,” says Norton Rose Fulbright’s Jonathan Ball. “The kind of incidents that pre-GDPR an organisation would probably have dealt with themselves without external legal counsel.” Within Europe there is a clear north/south divide when it comes to GDPR data breach notifications, with northern Europe responsible for the vast majority of notifications, suggesting a difference in compliance culture. For example, where in Ireland 48% of the claims reported resulted in notification to a regulator, less than 10% of claims reported in Spain were notified. GDPR may also apply to clients based in jurisdictions outside of Europe. This is borne out by an increase in notifications from the Middle East and Africa region, where there has been more claims activity over the past 12 months. Breaking down AIG’s cyber claims statistics by region, it shows there have been significant increases in notifications coming from Belgium, the Netherlands, Germany, France and Ireland over the past 12 months while claims from Sweden and Greece have also grown. Page 6 GDPR and business email compromise drive greater frequenciesClaims Intelligence Series
  • 7. 2014 2% 2015 7% 2013 0.2% Fig 3 Cyber Claims Received by AIG EMEA (2013-2018) - Volume 2017 28% 2016 18% 2016-17 46% 2018 45% Looking Forward: Move towards affirmative cover The long-term trend of increasing claims frequency has continued in 2018 as it did over the previous five years, reflecting both the growth and maturity of AIG’s cyber book of business as well as the increasing sophistication of buyers and knowledge of the scope of the product. As cyber becomes a growing exposure for many organisations, based on our claims experience, anticipated losses will continue to grow in both frequency and severity across different industries. Camillo notes a continued move towards affirmative coverage by clients keen to ensure that their policies respond as anticipated. “There have been some misperceptions recently in the press about cyber coverage.” “What our claims numbers clearly show is that more people are buying the coverage and the product is responding to our clients’ needs” he continues. “It includes flexible coverage and it is very easy to notify us about an event through the hotline. Clients are showing a preference for affirmative cyber cover, which will indemnify them against a wide range of covered losses, including privacy events, cyber extortion and network business interruption including outsourced service providers and system failure.” Page 7 GDPR and business email compromise drive greater frequenciesClaims Intelligence Series
  • 8. Manufacturer pays €25,000 ransom after suffering business interruption An attack on the IT systems of the insured took place through a malicious program of the ransomware type known as “Detractor”. Three servers of the infrastructure were affected, which were encrypted, leading to encryption of the folders. The available back-ups, which were on a different server, were deleted (presumably by the cyber-criminals). Therefore, the affected systems could not be restored through the back-ups. Simultaneously, the attackers demanded that the insured pay a ransom in order to decrypt the system. The insured’s operation had ground to a halt as a result of not being able to restore the affected systems. It could not deliver shipments or receive materials and was not able to make payments or to collect accounts receivables. The aim of the ransomware was not to steal information and there had not been a breach of personal information. On Event Day 10 therefore, the insured paid a ransom of €25,000 in BitCoin and was able to restore its operations. AIG covered the cost of the ransom, incident response costs and the extensive network interruption, which included an increased cost of working and cancelled orders. Email account compromised at Financial Services Intermediary The insured, an SME professional services firm, was alerted to a cyber incident after receiving notifications from various clients who had received a suspicious email from an employee of the firm. The email contained various links and attached a PDF invoice requesting payment from the recipients. Upon initial investigation it was determined that the employee’s email account had been compromised and a phishing email containing an attached invoice had been sent to 5,500 email addresses. The insured was proactive in taking corrective action regarding the phishing email, notifying the 720 email contacts of the compromised account, urging them not to click on the attachment PDF. The passwords of both the compromised email account and those belonging to other employees in the firm were changed. AIG recommended the insured notify the ICO as a matter of caution, despite the fact the only identifiable information from the phishing emails was the recipients’ names and places of work. The recommendation to notify was partly driven by the nature of the firm’s business, including sale of cyber insurance products, and reputational considerations. Claims case studies* *The scenarios described herein are offered only as examples. Coverage depends on the actual facts of each case and the terms, conditions and exclusions of each individual policy. Anyone interested in the above product(s) should request a copy of the policy itself for a description of the scope and limitations of coverage. Page 8 GDPR and business email compromise drive greater frequenciesClaims Intelligence Series
  • 9. Breached network at Middle East-based global energy and logistics firm Late last year the insured suffered a number of brute force attacks on their network infrastructure, which resulted in the cyber- criminals gaining access to their network, most likely via their email cloud host although the specific method of intrusion is still under investigation. The insured’s network comprises roughly 5,000 end point devices and, following discovery, an initial sweep identified approximately 2,900 units that may have been compromised. As a result, all users were forced to change their passwords and, subsequently, two-factor authentication was introduced. The insured engaged with AIG’s service providers under the policy’s First Response 72-hour cover period. Due to government restrictions, the insured was unable to allow their data to be handled outside of the country and therefore IT forensics were initially restricted to providing advice by telephone and email. But AIG was able to provide a local IT forensics team to carry out investigations on site, alongside the insured and their cyber-security advisors. The initial focus was to identify access points and ensure these were closed to the cyber-criminals. As a result of identification of the compromised access points, along with network traffic analysis, it was possible to identify how the attackers had gained access to user accounts. It was also identified that the attackers had potentially gained access to user email accounts and in excess of 2,000 files containing personal data, alongside confidential company data including tenders, project details and financials. Over six months later investigations into a potential compromise to email accounts remains ongoing as does the examination and analysis of compromised data. Costs are still being incurred and to date exceed $300,000. Retailer hit by ransomware and business interruption The insured is an international retailer with over 100 stores and an online presence. Whilst they were undertaking some changes to their IT systems and data storage they suffered what appeared to be a targeted, sophisticated cyber attack which encrypted all their files, including those held in the cloud. The cyber-criminals demanded a ransom for providing a decryption code. AIG immediately appointed forensic IT specialists who were onsite non-stop for long periods, initially working to secure the system and attempting to retrieve unencrypted data. This proved very difficult and was not achievable in a timescale to allow resumption of normal business. The shops were still able to trade using manual tills but the attack left them unable to replenish stock in stores or process online orders, which led to a major business interruption. Although reluctant to engage with the cyber criminals, after a prolonged period of being unable to fully trade the insured decided to pay the ransom demand ($150,000 in Bitcoin). AIG assisted the insured in sourcing Bitcoin. After the ransom was paid the decryption code was provided but all files had to be manually decrypted using the code, a painstaking and costly process in terms of labour, which was paid for by AIG consistent with the terms of the policy. AIG also covered the cost of additional fees to the insured’s various existing software providers for additional support and equipment to facilitate the decryption process. The insured held only £1M of cover, which proved inadequate and the policy limit was paid to the insured when interim business interruption losses exceeded £550,000. IT forensic fees alone exceeded £500,000. On this occasion the IT investigation confirmed that there was no evidence to suggest any personal data was accessed or extracted, and legal advice was given to the effect that notice to the ICO was not required. The terms of the insured’s policy covered the cost of the legal advice IT investigation. Page 9 GDPR and business email compromise drive greater frequenciesClaims Intelligence Series
  • 10. www.aig.com GBL00003595 0719 This document considers cyber claims in the context of an AIG insurance programme only. Reliance upon, or compliance with, any of the information, suggestions or recommendations contained herein in no way guarantees the fulfilment of your obligations under your insurance policy or as may otherwise be required by any laws, rules or regulations. The purpose of this document is to provide information only and you should not take any action in reliance on the information contained in this document. This document is not a substitute for you undertaking your own investigations and obtaining professional or specialist advice. No warranty, guarantee, or representation, either expressed or implied, is made as to the correctness or sufficiency of any representation contained herein. AIG does not accept any liability if this document is used for an alternative purpose from which it is intended. American International Group, Inc. (AIG) is a leading global insurance organisation. Building on 100 years of experience, today AIG member companies provide a wide range of property casualty insurance, life insurance, retirement products, and other financial services to customers in more than 80 countries and jurisdictions. These diverse offerings include products and services that help businesses and individuals protect their assets, manage risks and provide for retirement security. AIG common stock is listed on the New York Stock Exchange. Additional information about AIG can be found at www.aig.com and www.aig.com/strategyupdate | YouTube: www.youtube.com/aig | Twitter: @AIGinsurance | LinkedIn: www.linkedin.com/company/aig. AIG is the marketing name for the worldwide property-casualty, life and retirement, and general insurance operations of American International Group, Inc. For additional information, please visit our website at www.aig.com. All products and services are written or provided by subsidiaries or affiliates of American International Group, Inc. Products or services may not be available in all countries, and coverage is subject to actual policy language. Non-insurance products and services may be provided by independent third parties. American International Group UK Limited is registered in England: company number 10737370. Registered address: The AIG Building, 58 Fenchurch Street, London EC3M 4AB. American International Group UK Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and Prudential Regulation Authority (FRN number 781109). This information can be checked by visiting the FS Register (www.fca.org.uk/register). Mark Camillo Head of Cyber EMEA Tel: T +44 (0)20 7651 6304 mark.camillo@aig.com Kathy Avery Financial Lines Major Loss Adjuster Tel +44 (0)20 7063 5423 kathy.avery@aig.com José Martinez VP, Financial Lines Major Loss Claims, EMEA Tel: +34 91 5677 431 jose.martinez@aig.com CLAIMS FIRST