Select Page

Phishing webinar hot take: Insurance executives need to get it together

CYBSAFE-SebDB Webinar-preblog-221011MS-36

Blog

30 August 2022

"We never measure the number of snares avoided by people" Al Parisian

Look, anyone can be phished. Yes, even the executives in their fancy suits. But that’s not what we’re here to talk about.

We’re here to talk about some of the reasons why phishing risk isn’t being properly managed. And yes, that means we’re calling out the higher ups in the insurance industry.

If you’re in the mood to watch executives get a talking to (or to get one yourself), watch our webinar, Reducing phishing risk in the insurance industry’. 

Don’t have the time right now? Don’t sweat it. It’s available when you need it.

Alright, now let’s talk phishing risk.

 

 

Getting phished is no big deal

According to Al, boards are more concerned with “public failure” or “reputational loss” than the dollar cost.

For insurance companies, reputation is everything. We get that.

What we don’t get is why executives don’t see exposing sensitive information as a “public failure”.

Sure, there’s a good chance that the public won’t find out that Paul from the Phoenix branch got phished. Heck, Paul might not even realize that he got phished. But not taking phishing seriously is in itself a major reputational risk.

If customers can’t rely on you with their data, can they trust your product?

 

 

Processes? What processes?

James Linton quote

People are working remotely now more than ever. And that means inboxes everywhere are overflowing. And, according to James Linton (the man who phished the White House), it’s making it harder to spot phishing emails.

Without any processes in place, it’s harder for people to identify malicious emails—and easier for criminals to get the information they’re after.

Hey, we hate admin as much as anyone else. But a simple ‘I will never’ list can save you a whole lot of trouble. It’s basically a list of things you would ‘never’ ask your people to do.

Of course, you can’t just slap an ‘I will never’ poster on the wall and expect your phishing risk to disappear. To really reduce your risk, you need to change everything from how you run your simulations to how you manage your people.

We’re not going to get into too much detail here, but if you want to learn more and access some free templates, then we suggest you download our Agile Phishing eBook.

A new approach to simulated phishing social card

Want more hot takes? Watch our webinar, ‘Reducing phishing risk in the insurance industry’.

Behave Hub newsletter CybSafe

Do one more thing right today. Subscribe to the Behave newsletter

You may also like

The dogma of security awareness: Exposing cybersecurity’s biggest blind spot

The dogma of security awareness: Exposing cybersecurity’s biggest blind spot

Mar 4, 2025

“Humans are the weakest link.”“Security Awareness training = better behaviour”"If we can nail engagement, we’ll nail risk reduction.""Security Awareness is *actually* about so much more than awareness.”“Security culture is the golden ticket to risk reduction.”“Good communication, messaging,...

Can BS make SA&T stick? Hot takes from the experts…

Can BS make SA&T stick? Hot takes from the experts…

Feb 1, 2025

Using insights from “Oh, Behave!” to strengthen security training and drive lasting behavioral change Security training. It’s as commonplace in an organization as writing “see attached” and forgetting to attach anything. It can help to tackle cybersecurity risks—but only when done well. Simply...