BEC overtakes ransomware and data breaches in cyber-insurance claims

Share on facebook
Share on google
Share on twitter
Share on linkedin
Time to Read: 2 minutes

BEC-relatedcyber-insurance claims accounted for nearly a quarter of all claims in the EMEA region, AIG said.

Business email compromise (BEC) has overtaken ransomware and data breaches as the main reason companies filed a cyber-insurance claim in the EMEA (Europe, the Middle East, and Asia) region last year, said insurance giant AIG.

According to statistics published in July, AIG said that BEC-related insurance filings accounted for nearly a quarter (23%) of all cyber-insurance claims the company received in 2018.


Ransomware-related incidents came in in second place, accounting for 18% of all cyber-insurance claims in the EMEA region, followed by claims for data breaches caused by hackers and data breaches caused by employee negligence (e.g. sending data to the wrong person), both with 14%.

All in all, AIG said that cyber-insurance claims nearly doubled between 2017 and 2018 and that they received more cyber-insurance claims last year than in 2016 and 2017 combined.


The fact that BEC attacks ranked first is no surprise for industry experts. In April 2019, the FBI said losses caused by BEC (Business Email Compromise) scams doubled in 2018, compared to 2017 figures, and reached a whopping $1.3 billion, based on victim reports received by the agency’s Internet Crime Complaint Center (IC3).

AIG blamed the recent rise in BEC-related cyber-insurance claims on the poor security measures victim companies had in place, such as the use of poor passwords for email accounts, companies not using multi-factor authentication, or the lack of employee training in regards to email-based attacks.

Ransomware-related claims expected to grow

But despite BEC ranking first, AIG expects that ransomware may soon reclaim its top spot, which it held in the previous year, in 2017, when ransomware-related claims accounted for 26% of all cyber-insurance claims.

Related Article  Google warned 500 Indian users of 'govt-backed' hacking attempts from July to Sept

The number of ransomware-related cyber-insurance claims dropped in 2018 because ransomware attacks, in general, became more targeted.

Nowadays, ransomware gangs tend to go after companies and government organizations, rather than home consumers. The incidents are fewer, but the payouts for criminal gangs are larger.

But despite the smaller number of ransomware infections, AIG believes the number of cyber-insurance claims will go up, as enterprise and government victims learn that they can offset losses by filing a cyber-insurance claim.

A trend like this has already become widespread in the US. A recent ProPublica investigation discovered that insurance companies are now advising victims to pay the ransom demand and then file a cyber-insurance claim. This recent tactic, seen predominantly in the US, is a win-win strategy where the victim regains access to its files and the cyber-insurer gets away with covering a smaller claim for the ransom demand, rather than a bigger one for rebuilding a victim’s entire IT network.

Claims frequency and the GDPR

But the most interesting trend from the AIG report in regards to cyber-insurance claims filed in 2018 in the EMEA region is one that’s related to the EU’s new General Data Protection Regulation (GDPR).

AIG noted a pronounced “GDPR effect,” meaning that companies started filing more cyber-insurance claims after the GDPR came into effect in late May 2018.

The reason may be that companies can’t hide data breaches anymore, facing steep GDPR penalties, so they choose to go public and file a cyber-insurance claim to cover some of their costs and the impending GDPR fine.

AIG said that around a fifth of all cyber-insurance claims it received in 2018 in the EMEA region also included a public GDPR notification. Those insurance claims, AIG noted, included costs significantly higher in comparison to claims that didn’t result in a GDPR data breach notification.

Related Article  Cognizant to Target More of Smaller Deals as Part of its New Digital Strategy
Leave a Reply

RSS Latest Technology News

  • Diablo Immortal delayed to 2022 August 3, 2021
    The mobile Diablo spin-off gets more time for polish after feedback from its technical alpha.
    Wes Fenlon
  • Shiny New Xbox Controller Adds A Subtle Upgrade August 3, 2021
    Microsoft's latest special-edition controller for the Xbox Series X/S is called “Aqua Shift” and it comes out August 31. In addition to looking like a moonbeam shot through the ocean surf, it has a new rubberized panel to help you keep hold of it even when your ...
    Ethan Gach
  • Why AMD Stock Is Up More Than 4% Today August 3, 2021
    The new W6000X series GPUs will offer a huge performance upgrade for the Mac Pro, and a hefty price tag to boot. What happened. Shares of Advanced Micro Devices (NASDAQ:AMD) were up 4.2% today as of 3:30 p.m. EDT. The run higher builds on the ...
    Nicholas Rossolillo


Follow Us

BEC overtakes ransomware and data breaches in cyber-insurance claims

by NK Time to Read: 2 min
AI Tool to Reshape Treatment by Predicting Cell Behaviors
Get to know the latest updates on exponential technologies, new age industry segments with our weekly XTechalpha Xclusive newsletter straight in your mailbox.