Today, Coalition serves over 25,000 small and midsize organizations across every sector of the US and Canada. As the fastest growing provider of cyber insurance globally, we have the fortune (and misfortune) of seeing an ever-increasing number of insurance claims. We collected our claims data, analyzed the numbers, and put together a report to share our insights.
Our H1 2020 Cyber Insurance Claims Report explores top cybersecurity trends and threats facing organizations at this moment, in addition to data showing the impact of COVID-19 on cyber insurance claims. After reviewing our claims data, a few things became clear about cyber risk.
Cyber losses are increasing in number and severity. The broad adoption of technology by organizations across all sectors has created new opportunities for cybercriminals. This trend is only increasing with the changes many organizations have implemented to facilitate remote work during the COVID-19 pandemic, and cybercriminals are actively using this to their advantage. Although the number of cyber attacks hasn’t increased dramatically, their rate of success has.
Cyber insurance works. For each and every claim we processed, cyber insurance went beyond the promise to pay, and to make the insured financially whole. It also played a critical role in helping the insured recover operationally.
Nothing and no one is 100% secure. Claims were made by small businesses, large businesses, for-profits, and nonprofits — across every industry and despite investments in cybersecurity.
The root causes of security failures are largely known and predictable. The implementation of basic cybersecurity controls could have avoided a majority of the claims and losses reported to us. No-cost and low-cost controls, such as multi-factor authentication (MFA) and routine out-of-band backups would have eliminated a majority of losses experienced.
Cyber attacks have increased in number and severity since the onset of the COVID-19 pandemic. The changes organizations implemented to facilitate remote work have given cybercriminals new opportunities to launch more unprecedented campaigns, exploiting mass uncertainty and fear.
Our findings indicate that ransomware (41%), funds transfer loss (27%), and business email compromise incidents (19%) were the most frequent types of loss — accounting for 87% of reported incidents and 84% of claims payouts in the first half of 2020. Digging deeper into what ultimately caused these claims, we found that:
Due to the transition of remote work, exploitation of remote access was the root cause of reported ransomware incidents
Email intrusion, invoice manipulation, and domain spoofing were the most common attack techniques for funds transfer fraud incidents
Organizations that use Microsoft Outlook for email were more than three times as likely to experience a business email compromise compared to organizations that use Google Gmail
We discovered that cyber insurance claims impacted businesses of all types and sizes in the first half of the year. However, certain industries, including consumer businesses (retail, hospitality, and food), healthcare, and financial services were more frequent targets of cyberattacks. Download the full H1 2020 Cyber Insurance Claims Report to see how your industry was affected, plus more information on how to prevent these attacks in the future.
If you are currently appointed with Coalition or a policyholder, you can access the full report from your dashboard.