IAG: The insurer hacking itself

by |
The recent Wannacry ransomware attack has put cyber security top of mind for businesses around the world, and one insurer has developed a unique way to make sure their business remain safe.

IAG New Zealand has revealed that they regularly send staff fake, phishing style emails to test them on their ability to identify scams, The New Zealand Herald reports.

The major insurer sends its 3,500 staff a phishing-style email once a month with those that click on the link sent an instant reminder to undertake cyber security training.

Mark Knowles, director of cyber security and risk at IAG New Zealand, said that the plan, which began several months ago, started with an easy to spot scam before becoming more complex.
Knowles’ team sent out an email about a turkey recipe for the American holiday thanksgiving, but moved on to more elaborate scams to bolster defences.

“The number to start with was really low,” Knowles told the publication of the first attempt.
"The more important part was that it raised awareness across all staff not just about phishing emails but security."

Staff are not punished for clicking on the hazardous link, but those that identify and notify the company about potential scam emails are rewarded.

Knowles noted that real-life scams that rely on the simple click of a link happen “all the time” and suggested that businesses should be sharing information on potential scams to ensure safety.
“We do talk to each other,” Knowles continued.

"It is the good guys versus the bad."

Related stories:
Quarter of businesses say risk has risen
JLT welcomes cyber funding boost

Corporate Risk & Insurance forum is the place for positive industry interaction and welcomes your professional and informed opinion.

Name (required)
Comment (required)
By submitting, I agree to the Terms & Conditions