Many companies are also unsure whether their cyber insurance policy is up-to-date


Nearly 64% of firms don’t have any cyber insurance, according to research by email security company Mimecast.

The survey of 436 companies found that almost half (45%) of firms are unsure whether their cyber insurance policy is up-to-date.

The research also found that 10% of companies believe their policies are up-to-date, and 43% of firms with cyber insurance are confident that their policies would pay out for so-called whaling attacks, where a cyber-criminal fools a company employee into making transactions on behalf of a chief executive or chief financial officer.

The survey also highlighted an increase in untargeted phishing emails. Some 65% have seen targeted phishing attacks grow and 67% have seen a spike in whaling attacks.

Mimecast director of security product management Steven Malone said: “Cyber insurance uptake is growing quickly but a lack of employee training on the latest email attacks is leaving organizations at great risk of breaking policy terms.

“While insurers often pay for clean-up fees after a breach, it is important that organizations check that their policies protect them if an employee is tricked into sending a large amount of money to a fraudulent account.”

Mimecast surveyed companies in the US, UK, South Africa and Australia. The companies surveyed were a mix of small, medium and large organisations. However, the large majority were medium sized firms in the UK and the US.