Risk assessment to avoid successful phishing attacks

The benefits of our risk scan to prevent phishing attacks and security gaps

Insurance brokers occasionally ask to what extent the risk scan benefits their Baobab customers rather than being a hurdle in the application process. Using the example of a phishing attack on a company, we show that knowledge of the customer's risk situation is a major advantage for both our brokerage partners and the customer.

How the Baobab risk scan helps close security gaps

Our risk scan covers a large part of the risk questions from the risk questionnaire. This detailed recording enables us to identify and close potential security gaps at an early stage. One example is the first court decision in the area of cyber, which was handed down at the end of May: LG Tübingen, judgement of 26.05.2023 - 4 O 193/21.

The incident in question was a successful phishing attack. A mistaken click in an email made it possible to install malware that encrypted the IT system and demanded a ransom. The damage caused, in particular as a result of the interruption of operations, was high and threatened the company's continued existence. Although the amount of damage was covered by the sum insured, the insurer denied the claim, citing a lack of updates to old systems.

This case shows how important it is to identify the right risk questions, ask the rest and identify security gaps:

  1. Risk questions formulated too vaguely: The insurance company answered the risk questions objectively correctly, but did not correctly assess the risk. As an insurer, it is our job to assess the risk accurately. That is why we ask as precisely as possible, so that we can correctly assess the cyber risk of your customers. Where necessary, we explain terms in our Risk Questions FAQ.
  2. Lack of causality: The company had internal servers that were not equipped with the latest Microsoft Windows security updates and had not applied available updates. However, these updates would not have prevented the phishing attack. The attacker had obtained login data and thus gained access to the network. Therefore, the insurer cannot claim a breach of the pre-contractual duty of disclosure on account of the missing updates.
  3. Relying on undocumented security recommendations: The insurer cannot claim that a general improvement in cyber security would have prevented the damage. Benefit reductions are only permitted if the policyholder falls significantly below the contractually defined security standard. It is important to document discussions about risk, both on the insurance and brokerage side.

Another case of a successful phishing attack: a construction company transferred several thousand euros to a hacker's account after an employee received the phishing email.

Preventing phishing attacks through thorough risk assessment

Our risk scan is a key advantage for your customers as it helps identify and fix security vulnerabilities before they can be exploited. Thanks to our precise risk questions and comprehensive risk scan, the cyber insurance application process is significantly shortened and there are no rude awakenings or lengthy discussions in the event of a claim. This helps significantly to prevent phishing attacks and to ensure the safety of your customers' businesses. As an insurance broker, you can even score points with the Baobab risk questionnaire, as you can read in an interview with our Head of Distribution at AssCompact.

Even though risk questions may seem like a hurdle at first glance, they enable us to better understand and maintain the security risk of our joint customers. In this way, we can ensure that your customers are optimally protected against cyber threats.