What we’ve been reading …
Organizations have insufficient cyber insurance coverage
CYE, a cyber risk quantification firm, calculated that the average organization is only covered for 25% of the financial risk associated with a cyber breach. The data comes from external (not CYE) and internal (CYE) sources. CYE said that 80% of organizations lack sufficient coverage, and the maximum insurance gap is 3000% – which would mean that the organization is only covering 0.03% of its total cost due to a data breach.
The associated report (it’s not in the press release) says that the gap could be “in the ability or willingness of cyber insurers to provide adequate insurance coverage,” which is the trend we’ve seen most often, driven by the spate of high-cost ransomware incidents that decimated insurance company profits. We agree that it could also be due to an inability to quantify risk internally, but we see the insurance market dynamics as the major influence. Regardless of the impact on insurance policy issuance, the value of risk quantification is that it shows what an organization is not covered against from an insurance point of view, thus highlighting to senior leadership the urgent work that needs to be done to actually improve security posture – not merely shift the cost of a breach to a third party. Press release Report
MDRs are failing to help enough; a better approach is needed
A study by Radiant Security found significant shortcomings in MDR (managed detection and response) services, such as a lack of context about their environment (34%), more escalations than a SOC team can handle (32%), and a long time frame for remediating incidents (44% take more than 4 weeks per incident). Also, 70% of respondents said they are saving only 25% or less of their time after outsourcing to an MDR service – which doesn’t line up with the outsourcing value proposition. Radiant says it’s time for a new approach, and it has some ideas on what organizations should be doing instead. Press release
Microsoft and Google continue to top the list of most impersonated brands
Microsoft and Google remain in first and second place, respectively, as the most impersonated brands in phishing attacks, followed by LinkedIn, Apple, and DHL in 1Q 2024. Amazon brand impersonation has dropped from 4Q 2023 to 1Q 2024, and Airbnb has made a first-time appearance in 1Q 2024. Be careful what you click on, peeps! InfoSecurity Magazine