Skip to main content

Email Hacks: A Growing Threat to Businesses Worldwide

N

Nyakundi Report

Newsroom 2 min read

This archive report was first published on 3 September 2019.

With over one trillion phishing emails sent every year, businesses are increasingly vulnerable to email hacks. In fact, email hacking or Business Email Compromise (BEC) attacks have overtaken both ransomware and data breaches as the leading cyber threat to businesses globally.

According to AIG, a leading insurance giant, BEC has been recorded as the leading reason why companies filed a cyber-insurance claim in the EMEA region last year alone. Statistics published by the firm in July revealed that BEC-related insurance filings accounted for 23 percent of all cyber-insurance claims received by the company in 2018.

Finance departments are the most targeted by email-borne cyber-attacks, with 57 percent of respondents citing this as the most common target. However, customer support departments are also increasingly being targeted, with 32 percent of respondents reporting this as the most targeted department.

Locally, the Communications Authority of Kenya reported that organizations were hit by 11.2 million cyber threats in the first quarter of 2019, a 10.1 percent increase from the previous quarter. The most common types of cyber threats detected were malware, web application attacks, system misconfiguration, and online abuse.

AIG attributes the recent rise in cyber-insurance claims from BEC attacks to poor security measures at victim companies, including the use of poor passwords for email accounts, not using multi-factor authentication, and the lack of employee training about email-based attacks.

Although BEC attacks currently hold the top spot, AIG expects that ransomware may regain its top spot soon, as ransomware attacks have become more targeted and the number of ransomware-related cyber-insurance claims dropped last year.

As enterprise and government victims learn that they can offset losses by filing a cyber-insurance claim, AIG believes that the number of claims will go up despite the smaller number of ransomware infections recently. This trend has already become widespread globally, with insurance companies advising victims to pay the ransom demand and then file a cyber-insurance claim afterward.

GDPR has also affected the number of cyber-insurance claims filed, as businesses can no longer hide data breaches and have to disclose them under the regulation. A fifth of all the cyber-insurance claims AIG received in 2018 included a public GDPR notification, with costs significantly higher than those that did not include a GDPR data breach notification.

Be the first to react

Support

Support this reporting

M-Pesa support recorded against this story.

Send support →

Stay close

Get the briefing

Major updates by email. No spam.

Get email brief →

Share

Save share card

Download a clean portrait card for sharing.

Save image →