There’s training, testing, and oversight, but it still happens. A busy employee clicks on a link in an email and realizes it’s a scam. What they don’t know is that the malware embedded in that link has triggered a series of actions deep within the company’s systems. Within minutes, all data is available to a cybercriminal, and the network is taken down.
With a vigilant employee and IT team, the attack might have been stopped. But the damage is often done before cybersecurity systems can respond.
The costs of closing such a breach and rectifying the damage could be astronomical. And if the cyber incident isn’t accidental, you could be dealing with a crime committed by an employee. According to IBM’s “Cost of a Data Breach Report 2025”, the United States broke records in 2024, with data breach costs soaring to $10.22 million. This represents a 9% increase over 2023. Malicious insider attacks had the highest average cost per security breach, at $4.92 million. Third-party vendor and supply chain breaches were second, averaging $4.91 million.
Cyber risk continues to top executives’ concerns
The good news is that both accidental and intentional cyber damage can be insured. However, obtaining the right mix of coverage is critical.
The Internal Audit Foundation’s “Risk in Focus 2025” report revealed that cybersecurity was the top concern for North American audit executives. 88% of respondents cited it as the number one risk facing their companies.
Microsoft’s “Digital Defense Report 2024” revealed a 275% year-over-year increase in human-operated ransomware-related encounters, where at least one device on a network was the target of a ransomware attack.
More than 90% of attacks that progressed to the ransom stage used unmanaged devices to gain initial access or to remotely encrypt data. This underscores the need for organizations to bring unmanaged devices under management or remove them from their networks. The most common attack vectors threat actors used to gain access were:
- Social engineering (email, SMS, and voice phishing)
- Identity compromise (stolen or hacked legitimate credentials)
- Exploitation of vulnerabilities in unpatched public applications or operating systems (website logins, IoT, cloud applications, etc.)
On the other hand, there was good news: a 30% decrease in ransomware attacks that reached the data encryption stage. Microsoft attributed this positive trend to automatic attack termination. Automatic attack termination systems act immediately to stop suspicious activity without waiting for human intervention. They can take measures such as:
- Blocking the attacker
- Shutting down the affected parts of the system under attack
- Alerting cybersecurity teams to investigate
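The following is an added example of what such automatic termination looks like in practice; it is not code from the original article or from Microsoft. It runs two simple rules over constructed endpoint telemetry (a decoy file that no real user touches, and a burst of file renames by one process within a short window, which is how bulk encryption typically shows up) and returns the containment actions to take for each host and process without waiting for an analyst. The event format, thresholds, decoy path and action names are all assumptions made here for illustration.

```python
"""Rule-based automatic attack termination over constructed endpoint telemetry.

Added example; not code from the original article or from Microsoft. The event
format, the thresholds, the decoy path and the action names are assumptions
made here for illustration.
"""
from collections import defaultdict, deque

WINDOW_SECONDS = 10      # sliding window for the mass-rename rule (assumed)
RENAME_THRESHOLD = 5     # renames by one process within the window (assumed)
CANARY_PATHS = {r"C:\Users\a\~canary.docx"}   # decoy file no real user touches


def ev(ts, host, proc, op, path):
    """Build one constructed telemetry event."""
    return {"ts": ts, "host": host, "proc": proc, "op": op, "path": path}


# Constructed sample telemetry: ordinary editing, then one process renaming
# many user files within a few seconds and touching the decoy file.
SAMPLE_EVENTS = [
    ev(100, "ws-17", "winword.exe", "write", r"C:\Users\a\report.docx"),
    ev(130, "ws-17", "winword.exe", "rename", r"C:\Users\a\draft.docx"),
    ev(200, "ws-17", "svc_update.exe", "rename", r"C:\Users\a\q1.xlsx"),
    ev(201, "ws-17", "svc_update.exe", "rename", r"C:\Users\a\q2.xlsx"),
    ev(201, "ws-17", "svc_update.exe", "rename", r"C:\Users\a\q3.xlsx"),
    ev(202, "ws-17", "svc_update.exe", "rename", r"C:\Users\a\q4.xlsx"),
    ev(203, "ws-17", "svc_update.exe", "rename", r"C:\Users\a\q5.xlsx"),
    ev(204, "ws-17", "svc_update.exe", "rename", r"C:\Users\a\~canary.docx"),
    ev(300, "ws-22", "backup.exe", "write", r"D:\backup\2025-01-01.tar"),
]

# What each rule does the moment it fires; no analyst in the loop.
RESPONSES = {
    "mass_rename": ["kill_process", "isolate_host", "alert_soc"],
    "canary_touch": ["kill_process", "isolate_host", "alert_soc"],
}


def evaluate(events):
    """Return one decision per (host, process, rule) that fired, in firing order."""
    decisions = []
    fired = set()
    recent_renames = defaultdict(deque)   # (host, proc) -> rename timestamps in window

    def fire(rule, event):
        key = (event["host"], event["proc"], rule)
        if key in fired:
            return
        fired.add(key)
        decisions.append({
            "ts": event["ts"], "host": event["host"], "proc": event["proc"],
            "rule": rule, "actions": RESPONSES[rule],
        })

    for event in sorted(events, key=lambda e: e["ts"]):
        key = (event["host"], event["proc"])

        # Rule 1: any modification of a decoy file is treated as hostile.
        if event["path"] in CANARY_PATHS and event["op"] in {"write", "rename", "delete"}:
            fire("canary_touch", event)

        # Rule 2: burst of renames by one process (typical of bulk encryption).
        if event["op"] == "rename":
            window = recent_renames[key]
            window.append(event["ts"])
            while window and event["ts"] - window[0] > WINDOW_SECONDS:
                window.popleft()
            if len(window) >= RENAME_THRESHOLD:
                fire("mass_rename", event)

    return decisions


if __name__ == "__main__":
    for decision in evaluate(SAMPLE_EVENTS):
        print(decision)
```

On the sample data the mass-rename rule fires on the fifth rename (at second 203) and the decoy rule on the next event, both against the same process on ws-17; the legitimate editor and the backup job on ws-22 produce no decisions. In a real deployment the action names would map to the endpoint agent's kill and network-isolation calls, and the thresholds would be tuned against normal file activity to keep false positives low.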
Business email compromise (BEC) hacks remain one of the top attack vectors, according to the FBI’s 2024 Internet Crime Report. In these schemes, cybercriminals spoof business email accounts and request illegitimate fund transfers. The FBI received 21,442 reports of BEC fraud in 2024, with adjusted losses close to $2.8 billion.
The FBI listed the top cybercrimes in terms of victim losses in 2024:
Manage your insider threat and cyber risk
Training employees to detect and report phishing attempts and other cybersecurity issues is critical. It’s fairly inexpensive and highly beneficial, but testing, remediation, and refresher training are necessary.
Anti-Fraud
You should also train your employees to report suspicious activity by their colleagues. The Association of Certified Fraud Examiners’ (ACFE) “2024 Report to the Nations” revealed that companies lost an average of 5% of their revenue to fraud each year. The report also offered solutions, such as these anti-fraud controls:
- Create an anonymous hotline
- Conduct management reviews
- Employ external and internal audits
- Require management certification of financial statements
- Create a code of corporate conduct
Fostering an open and inclusive work environment where employees feel valued makes them more likely to act as watchdogs for the company. More than 50% of the fraud cases detected in the ACFE report resulted from employee reports; nearly 33% came from customers and suppliers.
MFA
Multi-Factor Authentication (MFA) is another inexpensive and effective way to reduce cybercriminals’ ability to access your systems. MFA requires anyone attempting to access your network to provide their user credentials plus one or more additional factors to verify their identity. Typically, the second factor is a code sent to another device, but it can also be biometric data such as a fingerprint.
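As an added example (not code from the original article), the block below implements the most common form of the "code on another device" factor, a time-based one-time password as specified in RFC 6238 (built on the HOTP construction of RFC 4226), using only the Python standard library. It shows the server side: generating the expected code for a time step, accepting a submitted code within a small clock-skew window, comparing in constant time, and refusing to accept a time step that has already been used so a captured code cannot be replayed. The shared secret is the RFC test-vector secret; the window size and the replay rule are design choices made here.

```python
"""RFC 6238 TOTP second factor: code generation and tolerant verification.

Added example, not code from the original article. Only the standard library
is used. SECRET is the RFC 4226/6238 test-vector secret; a real deployment
would hold one random secret per user, provisioned to the user's device.
"""
import hashlib
import hmac
import struct
import time

SECRET = b"12345678901234567890"   # RFC test-vector secret, not a real key


def hotp(secret, counter, digits=6):
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
    dynamically truncated to a 31-bit integer, reduced to `digits` decimals."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, unix_time=None, step=30, digits=6):
    """TOTP (RFC 6238): HOTP with the counter set to the current time step."""
    if unix_time is None:
        unix_time = time.time()
    return hotp(secret, int(unix_time // step), digits)


def verify_totp(secret, submitted, unix_time, last_counter=-1,
                step=30, window=1, digits=6):
    """Return the time-step counter the submitted code matched, or None.

    `window` time steps of clock skew are tolerated on either side. Any counter
    at or below `last_counter` (the last one the caller accepted for this user)
    is rejected, so a code that was already used cannot be replayed. The caller
    stores the returned counter as the new `last_counter`.
    """
    now_counter = int(unix_time // step)
    for counter in range(now_counter - window, now_counter + window + 1):
        if counter <= last_counter:
            continue
        # Constant-time comparison so timing does not leak the expected code.
        if hmac.compare_digest(hotp(secret, counter, digits), submitted):
            return counter
    return None


if __name__ == "__main__":
    # Demonstration on a fixed clock (t = 59 s is RFC 6238's first test time).
    code = totp(SECRET, 59)
    print("code at t=59:", code)                                   # 287082
    print("accepted at t=59:", verify_totp(SECRET, code, 59))      # 1
    print("accepted at t=89:", verify_totp(SECRET, code, 89))      # 1 (skew)
    print("replay at t=59:", verify_totp(SECRET, code, 59, last_counter=1))  # None
    print("stale at t=120:", verify_totp(SECRET, code, 120))       # None
```

The values for the RFC secret at t = 59 s match the published test vector (the 8-digit vector 94287082 truncates to 287082). The two details that matter operationally are visible in `verify_totp`: the skew window is small and fixed, and a counter is only ever accepted once, which is what turns a six-digit code into a factor that is useless to someone who merely observed it.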
Limit Access to Computer Systems
Companies should also limit network and software access by adopting a low- or zero-trust approach. Zero Trust Architecture (ZTA) is a cybersecurity strategy based on the premise that anyone, even a legitimate user account, is a potential threat. Cybercriminals use legitimate accounts to infiltrate networks because activity from such accounts is less likely to be detected as an intrusion.
Implementing ZTA begins with a complete technology inventory of your enterprise applications, application programming interfaces (APIs), and add-ons. Once inventoried, decommission the network assets you no longer use. An inventory can also help identify potential weaknesses in your cybersecurity; if you have an IT team or a vendor, they can help. While security patches and operating system updates seem like obvious solutions, they can require expensive upgrades and even new hardware. Such upgrades can be costly and disruptive, but the investment is offset by the cost of the cyberattack it prevents.
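To make the "even a legitimate account is a potential threat" premise concrete, here is an added example (not from the original article) of a zero-trust access decision evaluated on every request: valid credentials alone never grant access. The decision requires a completed MFA step, a device that is in the managed inventory and meets a posture check, and a role that the least-privilege policy explicitly grants for that resource and action. The user, device and policy tables are constructed here for illustration, and the posture check is reduced to a single patched flag.

```python
"""Per-request zero-trust access decision over constructed identity, device
and policy data. Added example, not code from the original article; the
tables below and the single-flag posture check are assumptions for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    user: str
    mfa_verified: bool   # the session completed a second factor
    device_id: str       # identifier presented by the endpoint agent
    resource: str
    action: str


# Managed-device inventory with a minimal posture attribute (constructed).
MANAGED_DEVICES = {
    "lap-0042": {"patched": True},
    "lap-0077": {"patched": False},
}

# Identity -> roles (constructed).
ROLES = {
    "alice": {"finance-analyst"},
    "bob": {"engineer"},
}

# Least-privilege policy: resource -> action -> roles allowed (constructed).
POLICY = {
    "payroll-db": {"read": {"finance-analyst"}, "write": {"finance-admin"}},
    "build-server": {"read": {"engineer"}, "write": {"engineer"}},
}


def decide(req):
    """Return ("allow" | "deny", reason). Every check runs on every request;
    nothing is inferred from network location or from a previous decision."""
    if not req.mfa_verified:
        return ("deny", "mfa_required")
    device = MANAGED_DEVICES.get(req.device_id)
    if device is None:
        return ("deny", "unmanaged_device")      # the access path most attacks used
    if not device["patched"]:
        return ("deny", "device_posture")
    allowed_roles = POLICY.get(req.resource, {}).get(req.action, set())
    if ROLES.get(req.user, set()) & allowed_roles:
        return ("allow", "policy_match")
    return ("deny", "no_matching_role")


if __name__ == "__main__":
    samples = [
        Request("alice", True, "lap-0042", "payroll-db", "read"),
        Request("alice", False, "lap-0042", "payroll-db", "read"),
        Request("alice", True, "byod-phone", "payroll-db", "read"),
        Request("bob", True, "lap-0077", "build-server", "read"),
        Request("bob", True, "lap-0042", "payroll-db", "write"),
    ]
    for r in samples:
        print(r.user, r.device_id, r.resource, r.action, "->", decide(r))
```

The ordering of the checks is deliberate: the cheap identity and device checks fail first, and the policy lookup only runs for a verified user on a known, healthy device. The same valid credentials for alice are accepted from the managed laptop and refused from the unknown phone, which is exactly the distinction the unmanaged-device statistic above is about.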
Hire an in-house or outsourced IT team
For businesses that can afford to go above and beyond, having a dedicated cybersecurity team can help prevent serious losses. For example, when a security breach is detected, an artificial intelligence (AI) monitoring system can help mount a response. A dedicated IT team, supported by AI-based cybersecurity, can act immediately to prevent cybercriminals from stealing or locking your data.
Use anti-malware and back up your systems
If your business can’t afford a full complement of dedicated cybersecurity staff, a cloud provider may offer basic services. Even an off-the-shelf anti-malware product combined with MFA can help deter attacks.
Additionally, all businesses should have a backup system disconnected from the internet. This will ensure that your data is not lost or completely corrupted in an attack. You can use archived data to rebuild or continue your operations in the event of an emergency.
What does cyber insurance cover?
Cyber insurance has two components: first-party coverage and third-party coverage.
First-party coverage protects against cyberattacks on your business.
Third-party coverage protects your business against liability if others (customers) suffer damage due to cybersecurity breaches caused by your company or your partners (suppliers).
Cyber insurance typically provides coverage whether the breach was caused by an employee’s erroneous actions or by a failure of your cyber defenses.
Cyber insurance is not standardized; it is tailored to the needs of each policyholder. That said, common reimbursable expenses include:
- Investigations
- Revenue losses
- Breach notifications
- Lawsuits and extortion
- Data restoration
- Replacement of damaged hardware or software
- Credit monitoring for victims
- PR services to prevent or lessen reputational damage
Keep in mind that cyber insurance does not cover insider cybercrimes. For those, you would need a fidelity bond or employee crime insurance, which addresses insider threats such as embezzlement, theft, and damage.
Contact your insurance agent and create a cyberattack response plan
Your insurance agent can advise you on the availability of cyber risk and crime policies to protect your company’s assets and revenue. These policies often include additional prevention benefits, such as a cyber risk audit and cyberattack response assistance.
Combining employee crime and cyber liability insurance with a robust cyber incident response plan goes a long way toward preventing insider threats and cyber risks.