In this video, we discuss the risks of attempting to mitigate risk through cybersecurity insurance. To highlight this problem, we walk through a recent case where an insurer challenged an email fraud claim stating that because social engineering (rather than malware) caused the victim to be exploited that there was no covered loss. The court ultimately found for the victim, but this is a good case study for those infosec professionals who are being told “don’t worry, we have cyber insurance for that!”
Disclaimer: This video is not intended to provide any form of legal or insurance advice.
Case document: https://blog.renditioninfosec.com/downloads/cincinnati_v_norfolktruck.pdf