Human error plays a huge role in driving cyber claims according to CFC, the specialist insurance provider and pioneer in emerging risk.
CFC’s own data reveals that approximately three quarters of cyber claims notified in 2018 involved some kind of easily-preventable human error. Theft of funds, ransomware, extortion and non-malicious data breaches usually start with a human error or oversight such as clicking on a phishing link or not following up a wire transfer request with a phone call.
“The material impact of a cyber event is real and it is becoming increasingly clear that many events could be prevented through basic employee awareness programmes on topics ranging from phishing scams to the importance of password complexity. Unfortunately, unless businesses start taking note of these increasingly prevalent incidents, the problem will only become more widespread. Cyber risk and security should be top of mind for business leaders,” says James Burns, cyber product leader at CFC.
However, he goes on to say that the responsibility doesn’t just lie with businesses.
“Cyber insurance is about more than just affirmative cover, so cyber insurance providers should be offering comprehensive risk management solutions that include things like cybersecurity training for employees. Small businesses, in particular, might not always have the time or resources required to seek out access to these vital tools, so a cyber insurance policy that can provide this is incredibly valuable. Along with other monitoring and preparedness tools, cyber education services help keep an event from occurring in the first place and ensure businesses are better able to respond and recover if it does.”
CFC regularly invests in its cyber infrastructure and offers comprehensive risk management services in conjunction with specialist partners like CyberRiskAware, Bitsight, RepKnight and others. Included at no additional cost with every cyber policy, CFC’s risk management services are designed to help businesses, particularly SMEs, proactively monitor and understand their cyber risk posture, educate and train their employees, and prepare for a potential cyber event should crisis strike.
To learn more, please read: