Cyber incidents are growing in cost and frequency, yet most claims don’t actually result from highly sophisticated threat actors. Instead, everyday oversights continue to account for a large portion of losses: misconfigured systems, outdated software, weak passwords, untested backups.
For brokers, underwriters, and businesses, the implication is simple: focusing on the fundamentals of cyber security can deliver outsized benefits.
Simple cyber security failures lead to major claims
Small, seemingly innocuous security mistakes can trigger large-scale incidents. A single unpatched server or a misconfigured cloud setting can cause:
extended business interruptions: systems go offline for days or weeks
data loss: sensitive customer or internal information can be exposed, even destroyed
ransom demands: attackers exploit tiny gaps to lock or steal critical data.
The cost of preventing these issues is relatively minuscule compared to the expenses associated with claims, including legal fees, regulatory fines, and lost revenue – never mind the reputational and financial cost of long-term damage to the brand. Yet these oversights can be detected, and moreover avoided, by having the appropriate defenses in place, which is why brokers and insurers alike encourage those fundamental controls.
The top 10 failures driving claims (and how to combat them)
1. Misconfigured MFA
Multifactor authentication (MFA) is one of the most effective ways to block credential-based attacks – but only when properly configured, as opposed to:
using SMS-only MFA rather than app-based or hardware tokens
leaving administrative or privileged accounts unprotected
failing to require MFA for remote access and cloud services.
Accounts without properly configured MFA are frequent targets for phishing, brute force, and credential stuffing attacks. That’s why, during risk assessments, underwriters evaluate MFA coverage and configuration quality, and encourage MFA across every business-critical account.
2. Unpatched or outdated software
Delaying software updates leaves companies exposed to known vulnerabilities. Common claim triggers include:
Remote Desktop Protocol (RDP) services left unpatched
outdated VPN appliances or firewalls
legacy operating systems no longer receiving security updates.
Attackers exploit these gaps to carry out further reconnaissance that can result in ransomware deployment, data theft or exfiltration. Attacks through unpatched systems are often the most costly. Brokers and underwriters should check patching schedules, update frequency, and vulnerability management practices during submissions.
3. Poor or untested backups
Backups only have utility if they’re actually reliable. Failures often occur because of:
retention settings that overwrite critical data
backups stored on the same network as production systems
lack of offline or offsite copies
infrequent testing of recovery procedures.
Ransomware and accidental deletions may render data entirely unrecoverable, leading to major claims and extended downtime. You can dramatically reduce exposure through quarterly recovery tests, offline backups, and clear restoration procedures.
CFC case study
An engineering firm was hit by a ransomware attack. Not only was all its data wiped, but so were its backups, which, unknown to the company, had actually failed years prior.
With no means to recover the files, the firm faced over £270K in costs to recreate critical project data.
4. Weak passwords and credential reuse
Even with MFA, weak or reused passwords remain a common failure:
employees often reuse credentials across multiple systems
simple or predictable passwords can be guessed or brute-forced
phishing attacks exploit credential reuse to gain access.
Weak password hygiene increases the likelihood of account takeover and downstream ransomware attacks. It’s paramount to enforce strong password policies, implement password managers, and monitor for credential leaks.
5. Inadequate employee awareness
Human error remains the leading cause of cyber incidents, with 3 out of 4 CFC cyber claims attributed to it. Common examples include:
falling for phishing emails or social engineering
accidental sharing of sensitive files
improper handling of removable media or cloud links.
Many claims involve employees inadvertently granting attackers access. Poor awareness amplifies risk, even when technical controls are in place. So it’s vital to assess the frequency and quality of employee cyber security awareness programs, including phishing simulations and incident response drills.
6. Misconfigured cloud systems
Cloud adoption has expanded attack surfaces, but misconfigurations are common:
overly permissive storage permissions
unprotected admin portals and dashboards
lack of monitoring for unusual activity.
Misconfigured cloud environments can result in data exposure or unauthorized access, driving claims and regulatory scrutiny. It’s important to conduct regular cloud audits, enforce least-privilege access, and monitor logs for anomalies.
7. Insecure remote access
Remote work has introduced novel vulnerabilities:
VPNs not consistently enforced or updated
remote desktop and admin tools exposed to the internet
weak authentication controls for offsite connections.
Attackers exploit remote access gaps to bypass internal network protections, often triggering high-severity claims. To combat this, businesses should require secure VPNs, enforce MFA, and regularly audit remote access logs.
CFC case study
A small bank was hit by ransomware after hackers exploited an unpatched VPN. It managed to avoid paying the ransom by restoring data from an offline backup.
But while no data was stolen, the incident did still set the organization back £140K.
8. Third-party and vendor security issues
Organizations increasingly rely on vendors for IT, cloud, and operational support. Common failures include:
assuming third-party systems are secure by default
lack of contractual security expectations
minimal monitoring of vendor access or activity.
Third-party breaches can cascade into insured systems, causing damaging ripple effects that often result in difficult regulatory claims. Review vendor risk management, contractual requirements, and incident response coordination.
9. Insufficient endpoint security
Endpoints are still the primary target for attackers:
lack of antivirus or EDR solutions
unpatched mobile devices and laptops
devices with excessive local privileges.
Compromised endpoints can lead to malware being launched, data being exfiltrated, and business disruption. Businesses should therefore standardize endpoint protection, enforce security policies, and conduct regular audits.
10. Lack of incident response planning
Even an organization with strong defenses still sets itself up to fail if there’s:
no clear procedure for ransomware response
slow internal communication and decision making when an incident arises
insufficient testing of the response plan.
A delayed response can amplify losses, increase pressure to pay a ransom, and lead to compliance violations. To avoid these issues, maintain a tested, documented incident response plan, including defined roles, escalation procedures, and communication strategies.
Fortify your cyber hygiene to prevent claims
Most cyber claims result from simple and totally preventable failures rather than advanced attacks. Focusing on the fundamentals therefore dramatically reduces both claim frequency and severity.
Strong cyber security hygiene benefits everyone: businesses avoid costly downtime and regulatory penalties, while underwriters gain confidence in risk assessments and pricing. Prevention isn’t just cheaper than remediation – it’s vital for maintaining resilient, insurable operations.
Get in touch with CFC today, and see how our cyber insurance can significantly reduce your exposure to costly claims.