Is Cyber Insurance Failing?
A client of one of the country's largest insurers may be out $6 million after a successful email spoofing campaign from suspected Chinese hackers.
In a potentially precedent-setting case, insurance giant AIG is aggressively fighting a lawsuit brought by its client, SS&C Technologies.
"Hackers fleeced SS&C out of $5.9 million in 2016 by emailing company employees from spoofed email addresses."
To perpetrate the crime, attackers masqueraded as employees of Tillage Commodities Fund, a client of SS&C. Via spoofed emails, the criminals convinced SS&C employees to wire a total of nearly $6 million out of the client's account to Hong Kong bank accounts they controlled. Tillage has since shuttered as a result of the attack.
Sadly, this is one of many accounts of cyber insurers fighting clients' claims. Mondelez International, the maker of delicious Oreo cookies, suffered huge losses as a result of the NotPetya attack in 2016. Mondelez is in a multi-year court battle with its insurer, Zurich Insurance.
Zurich Insurance has refused to cover Mondelez’s losses from the NotPetya ransomware attack after the insurer defined the incident as an act of war.
While cyber insurance is still a critical piece of your defense-in-depth strategy, it remains to be seen how useful it will be in the event of disaster.
A good next step in reducing your risk profile is implementing INFIMA's behavior-focused vulnerability analysis and remediation today.