In 2018, business email compromise (BEC) accounted for 23% of cyber insurance claims received from Europe, the Middle East and Asia, according to statistics released by AIG.
Ransomware at 18% and data breaches at 14% of total claims were relegated to second and third places. Total claims in 2018 amounted to more than those in 2016 and 2017 combined.
Insurers in the US now advise victims to pay ransom demands and then make a cyber insurance claim. As a result, insurance companies are making smaller payouts to cover ransom costs rather than large payments to cover the price of completely rebuilding a compromised network.
Whether or not to pay a ransom is a decision for the company affected.
AIG also noted an impact on claims caused by the General Data Protection Regulation (GDPR) brought in by the European Union in 2018. Companies are making claims to offset some of the costs of the fines they face after reporting a data breach as is required under the legislation. Some 20% of claims cite GDPR notification.