Types of cyber claim and ways to prevent them

10th April 2019

It’s no exaggeration to say that experiencing a loss as a result of a cyber breach can be devastating for your business. So, however big or small, our priority is to resolve your claim as quickly as possible. Of course, what we’d really like to do is help you ensure you never have to make a claim in the first instance, and below we share some tips for avoiding the pain.

Recently, we’ve seen a dramatic increase in cyber crime claims that relate to email accounts being compromised, allowing hackers to gain access to sensitive information including bank details. Here are just a couple of examples:

Example 1

A hacker used an employee’s email account to send an email purportedly from the treasury team approving client funds to be sent to bank accounts controlled by the hackers, which resulted in an irrecoverable loss of just over £90,000.

Example 2

A hacker set up an auto-forward function allowing a bogus email to be sent purporting to come from a senior member of their finance team in relation to a payment, requesting a client’s fee letter. This was discovered in time, but the hacker had access to potentially sensitive information.

Our experience suggests that the vast majority of cyber claims could have been avoided with two-factor authentication. Simply adding a second verification step alongside the password can prevent unauthorised access to accounts. As a minimum, two-factor authentication should be in place for senior staff and those who work in the finance department.

Preventative actions

We strongly recommend that, if you haven’t already, you take these actions straight away:

  • Alert all your colleagues about the types of hack outlined above and specifically tell them that remote workers who use web access to connect to their email are most vulnerable.

  • Train your staff about the very real threat of phishing emails, and then test them. Many cyber insurance policies come with risk management tools including employee training modules.

  • Tell them that in most phishing emails the sender’s email address is not genuine and should always be checked. If fred.smith@abc.com has become fred.smith@abc1.com they know there’s an issue.

  • Always hover your mouse over a link in an email, because if it’s a fraudulent email the URL it displays is likely not to be the genuine one.

  • If in any doubt, contact the sender by phone to check the email is genuine before making any payments.

Taking steps to prevent exposure is always the best course of action.  But, should the worst happen, knowing you are covered can make all the difference.

If you’d like to find out more or discuss the steps you have in place please contact your Miles Smith Account Executive or call the team on 020 7977 4800.
