AIG: Business Email Compromise the Biggest Fraud Driver

Justus Munyao
Pawa IT Solutions
Aug 28, 2019

A summary of AIG Insurance's report on fraud: business email compromise (BEC) has overtaken ransomware and data breaches by hackers as the main driver of AIG EMEA cyber claims, according to the latest cyber claims statistics.

At a Glance

  1. Business Email Compromise (BEC) is now the top cause of loss for cyber claims, followed by ransomware, which is becoming increasingly targeted and disruptive, affecting business interruption costs. All cyber attack impacts are still greatly influenced by human error.
  2. Professional Services is now the sector hardest hit by cyber claims, followed by Financial Services. However, incidents continue to spread among a range of sectors, indicating that no industry is immune to cyberattack.
  3. The long term trend of increasing claims frequency continued in 2018 with around as many claims as the previous two years combined.
Source: AIG Report

Methodology

In March 2019, AIG carried out an analysis of more than 1,100 EMEA claims notified under its cyber policies between 2013 and December 2018. The results of this analysis show general insights into this area only. It should be noted that other industries and sectors not highlighted in this report may also experience frequent and severe claims. In 2018, the number of claims notified under AIG’s cyber policies was broadly commensurate with AIG’s premium growth for this product.

The Human Factor

Human errors and behavior continue to be a significant driver of cyber claims. Despite encouragement by many organisations, employees often use weak passwords or the same passwords across multiple applications.

Targeted Ransomware on the Rise

Ransomware, the leading breach type in 2017 when it was responsible for 26% of notifications, has become marginally less prevalent, causing 18% of cyber claims notifications in 2018.

However, as predicted in last year’s report, there are a number of instances that show ransomware and extortion type attacks are becoming more targeted, with the attack on Norsk Hydro one of the more high-profile examples.

Claims frequency and the GDPR effect

There has been a pronounced “GDPR effect” on the overall claims frequency in 2018, with a spike in notifications following implementation of the EU General Data Protection Regulation in May 2018. The provisions of the new rules, including strict breach notification guidelines, are resulting in timely notifications from clients.

Looking Forward: Move towards Affirmative Cover

The long-term trend of increasing claims frequency has continued in 2018 as it did over the previous five years, reflecting both the growth and maturity of AIG’s cyber book of business as well as the increasing sophistication of buyers and knowledge of the scope of the product. As cyber becomes a growing exposure for many organisations, based on our claims experience, anticipated losses will continue to grow in both frequency and severity across different industries.

Claims case studies

Manufacturer pays €25,000 ransom after suffering business interruption

An attack on the insured's IT systems took place through a malicious ransomware-type program known as “Detractor”. Three servers in the infrastructure were affected and encrypted, leading to encryption of the folders.

Breached network at Middle East-based global energy and logistics firm

Late last year the insured suffered a number of brute force attacks on their network infrastructure, which resulted in the cyber-criminals gaining access to their network, most likely via their email cloud host, although the specific method of intrusion is still under investigation. The insured’s network comprises roughly 5,000 end point devices and, following discovery, an initial sweep identified approximately 2,900 units that may have been compromised. As a result, all users were forced to change their passwords and, subsequently, two-factor authentication was introduced.

Email account compromised at Financial Services Intermediary

The insured, an SME professional services firm, was alerted to a cyber incident after receiving notifications from various clients who had received a suspicious email from an employee of the firm. The email contained various links and attached a PDF invoice requesting payment from the recipients.

Upon initial investigation it was determined that the employee’s email account had been compromised and a phishing email containing an attached invoice had been sent to 5,500 email addresses.

Retailer hit by ransomware and business interruption

The insured is an international retailer with over 100 stores and an online presence. Whilst they were undertaking some changes to their IT systems and data storage they suffered what appeared to be a targeted, sophisticated cyber attack which encrypted all their files, including those held in the cloud. The cyber-criminals demanded a ransom for providing a decryption code.

You can read the detailed report by AIG: Cyber Claims Report
