Even large, sophisticated organisations are falling victim to business email compromise, according to AIG's cyber claims intelligence.

Business email compromise (BEC) overtook ransomware and data breach by hackers as the main driver of AIG cyber claims in 2018. Nearly a quarter of all reported incidents were due to BEC and in most cases the compromise could be traced back to a phishing email containing a link or attachment.

Professional services firms are common targets for BEC, with attacks typically carried out by organised criminal gangs for monetary gain. Using a phishing email, the perpetrator gains access to the victim's business email account, allowing them to send and receive emails, through which they divert funds.

Even large organisations are falling victim to this form of financial fraud. Firms are being encouraged to train staff to identify suspicious emails, even if they are very convincing. Due to requirements under the EU General Data Protection Regulation (GDPR), BEC incidents are becoming more expensive to investigate when they occur, according to Mark Camillo, head of cyber for EMEA at AIG.

"When a malicious actor gains access to the mailbox you have to do a deep dive in order to understand what information they may have gained access to. While most BEC attacks are purely financially motivated, it is important to understand whether any sensitive data has been compromised."

GDPR and Affirmative Cyber

GDPR has led to an increase in claims frequency, with clients in Northern Europe responsible for the majority of data breach notifications. The EU's new rules include strict time limits, encouraging policyholders to notify AIG's cyber claims team, even in instances of minor or uncertain breaches. Meanwhile, the legal, forensic and IT costs have also gone up, resulting in bigger payouts under the policy.

The cost of ransomware is also on the rise, due to more targeted attacks and rising costs associated with business interruption. There has been a concerted move towards affirmative coverage with clients keen to ensure policies respond as expected.

"There have been some misperceptions in the press about cyber coverage, following claims disputes over war exclusions in property and K&R policies," said Camillo. "There was the suggestion that cyber products may also be limited in scope, which is simply not true."

"Clients are showing a preference for affirmative cyber cover, which will indemnify them against a wide range of losses, including privacy events, cyber extortion and broad network business interruption coverage."