The Research
A new survey of insurance companies has revealed that only 3.54% of institutions have correctly implemented basic phishing and spoofing protection.
The new research by email security provider EasyDMARC reviewed the security policies of 12,103 insurance businesses. It found that only 699 of the researched organizations have correctly implemented and configured security policies to flag, report, and remove outbound phishing emails.
Download Our Report to Learn More!
The survey reviewed the deployment of the Domain-based Message Authentication, Reporting, and Conformance (DMARC) standard among the domains of insurance companies. First published in 2012, the DMARC standard enables the automatic flagging and removal of receiving emails that are impersonating senders’ domains, which is a crucial way to prevent outbound phishing and spoofing attempts.
The Policy Distribution
EasyDMARC’s research found that only 22% of the reviewed domains had implemented the decade-old DMARC standard. Of those 2694 institutions, only 699 (26%) had implemented a ‘reject’ policy that automatically rejects emails imitating a legitimate domain. More organizations that deployed DMARC had configured it to do nothing about impersonating emails, with 1401 (52%) domains having no policy. 594 (22%) had configured DMARC to send impersonating emails into quarantine.
Gerasim Hovhannisyan, EasyDMARC CEO and co-founder says:
“Impersonating email domains is one of the most effective ways cybercriminals bypass organizational cyber defenses through phishing, spoofing, and ransomware attacks. The numbers don’t lie; unfortunately, too many insurance organizations are ignoring essential tools that will effectively prevent these present and persistent dangers.
“The need for organizations to protect themselves from cyber threats is almost unanimously accepted. The absence of domain authentication renders these organizations susceptible to breaches of highly sensitive and potentially costly data. Without the adoption of DMARC or similarly effective policies, the sector will continue to see an increase in cyber events and subsequent disruptions and losses.”