How many cyber claims result from human error?

About three-quarters of cyber claims notified in 2018 to one specialist insurer involved some kind of “easily preventable” human error.

“Theft of funds, ransomware, extortion and non-malicious data breaches usually start with a human error or oversight, such as clicking on a phishing link or not following up a wire transfer request with a phone call,” CFC Underwriting said in a press release Monday.

Last year, London, U.K.-headquartered CFC responded to more than 1,000 cyber claims related to theft of funds, data breaches, ransomware and extortion, among others. Earlier this year, the insurer – which serves more than 70,000 businesses in over 80 countries, including Canada – released its 2018 cyber claims data, reporting that ransomware was the primary driver for claims in Canada. It represented 32% of all cyber claims notified in 2018, a 9% jump from 2017.

Non-malicious data breaches were the second largest cyber claim type in Canada (24%), followed by malicious data breaches (20%).

“The material impact of a cyber event is real and it is becoming increasingly clear that many events could be prevented through basic employee awareness programs on topics ranging from phishing scams to the importance of password complexity,” said James Burns, cyber product leader at CFC. “Cyber risk and security should be top of mind for business leaders.”

Responsibility doesn’t just lie with businesses, Burns said. Cyber insurers providers should be offering comprehensive risk management solutions that include things like cybersecurity training for employees.

“Small businesses in particular might not always have the time or resources required to seek out access to these vital tools, so a cyber insurance policy that can provide this is incredibly valuable,” he said. “Along with other monitoring and preparedness tools, cyber education services help keep an event from occurring in the first place and ensure businesses are better able to respond and recover if it does.”