Wells Fargo Insurance released their 2016 Cyber Security Study this week. Over 100 decision makers at companies with at least $100 million in annual revenue were surveyed to better understand perceptions of network security and data privacy vulnerabilities and related business exposures and risks.
Three interesting takeaways from this study include:
Takeaway #1: The Rise of Imposter Fraud
Whether you call it CEO fraud, fraudulent inducement, social engineering fraud or business e-mail compromise scams, 21% of respondents have been targets of impostor fraud. Unfortunately, most suffered a financial loss, and often a significant one ($500k+).
In fact, in April 2016, details of a lawsuit led by the U.S. government revealed that an unidentified American company was defrauded in 2015 out of nearly $100 million by individuals who created a fake e-mail address, posing as one of its legitimate vendors. And data from an April 2016 FBI news release supports the case that impostor fraud is a rapidly growing threat. The release states that complaints to global law enforcement have come from victims in every U.S. state, and in at least 79 countries. From October 2013 through February 2016, law enforcement received reports from 17,642 victims, amounting to more than $2.3 billion in losses!
Takeaway #2: Cyber Insurance Claims On the Rise
The majority (71%) of companies surveyed purchase cyber and data privacy insurance. More worryingly, almost half of those companies have had cause to file claims.
One of the most effective ways to purchase cyber security insurance is after an enterprise has created and implemented an incident response plan, along with the other components of a comprehensive information security plan, so that they better understand what their insurance needs are and can enjoy lower rates because they have adopted best practices.
Takeaway #3: Outside Attacks are of Top Concern
The overwhelming majority of respondents (99%) cited leaking private data, hackers and security breaches as their top concerns. Less than a quarter (23%) cited disruption of business, reputation, compliance or insider threats as a top concern. Clearly there is a tremendous focus on the outside attack, and with good reason.
Knowing that the vast majority of hacks target user credentials, the new line of defense is no longer just the network perimeter but at the identity layer. Identity can be a powerful security tool for protecting both end-users and privileged users from the leading cause of data breaches — compromised credentials. Implementing an identity platform for both identity as a service and privileged identity management can add a strong player security for your organization.
To learn more about how Centrify can help your secure enterprise identities, check out this blog and join us for a free webinar on Securing Enterprise Identities For Dummies.