As cyber insurers become more experienced in what kinds of claims are being presented, and the threat action details therein, specific types of coverages are no longer being included.
I’ve written quite a few times about specific cyber insurance claim cases that had to go to court to be settled. In most of them, the courts sided with the insurer because the wording of the cyber insurance policy made clear that it covered only specific use cases. According to a recent article in JD Supra, cyber insurers are either eliminating such coverage entirely or “have quietly added policy language that, in essence, makes it incredibly challenging, and in some instances impossible, to secure any actual recovery for the claim.”
In addition, they are adding specific verbiage requiring that, for any claim involving fraudulent changes to payment instructions, the policyholder must have “independently verified” the request – that is, confirmed it through a separate channel rather than simply taking the word of an email purporting to come from someone with the authority to make the request in the first place.
What we’re seeing isn’t greed or bad faith on the part of the cyber insurer; in fact quite the contrary – they aren’t in the business of simply handing out checks, so they need to either put in specific requirements or remove/reduce coverages for cases where the risk is just too high because – yep, you guessed it – users come into the equation.
In the end, this is really the problem – even with all the security tech in the world in place, all it takes is a little social engineering and a user who isn’t paying attention, and you have yourself a successful case of fraud and its subsequent cyber insurance claim.
The answer here isn’t to put more emphasis on the cyber insurer; instead the focus should be on preventing such attacks from being successful – accomplished by educating the user with Security Awareness Training designed to teach them about scam tactics and their role in the organization’s cyber security stance.
The world’s largest library of security awareness training content is now just a click away!
In your fight against phishing and social engineering you can now deploy the best-in-class simulated phishing platform combined with the world’s largest library of security awareness training content, including 1000+ interactive modules, videos, games, posters and newsletters.
You can now get access to our new ModStore Preview Portal to see our full library of security awareness content; you can browse, search by title, category, language or content topics.
The ModStore Preview includes:
- Interactive training modules
- Trivia Games
- Posters and Artwork
- Newsletters and more!