"Insurance Companies Neglect Basic Email Security"

According to security researchers at EasyDMARC, only 3.54% of insurance companies have correctly implemented basic phishing and spoofing protection. The researchers conducted a survey that reviewed the deployment of the Domain-based Message Authentication, Reporting, and Conformance (DMARC) standard among the domains of insurance companies. They found that only 22% of the reviewed domains had implemented the decade-old DMARC standard. Of those 2694 institutions, only 699 (26%) had implemented a "reject" policy that automatically rejects emails imitating a legitimate domain. The researchers noted that more of the organizations that deployed DMARC had configured it to do nothing about impersonating emails, with 1401 (52%) domains having no policy. Many of the participants, 594 (22%), had configured DMARC to send impersonating emails to quarantine. The researchers stated that the absence of domain authentication leaves these organizations susceptible to breaches of highly sensitive and potentially costly data. They also noted that without the adoption of the DMARC standard or similarly effective policies, the sector will continue to see an increase in cyber events and the disruptions and losses that follow.
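To check where your own domains fall among the policy buckets the survey reports, the following added example (not code from EasyDMARC or Help Net Security) classifies the TXT records published at `_dmarc.<domain>` using the RFC 7489 policy-discovery rules. The sample domains and records are constructed, the function names are hypothetical, and it assumes that the survey's "no policy" means `p=none` and that "correctly implemented" means `p=reject` applied to all mail.

```python
from collections import Counter

def parse_tags(record):
    """Split 'tag=value; tag=value' into a dict with lowercased tag names."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep and name.strip():
            tags.setdefault(name.strip().lower(), value.strip())
    return tags

def is_dmarc(record):
    """RFC 7489: the first tag must be v=DMARC1 (the value is case-sensitive)."""
    name, _, value = record.split(";", 1)[0].partition("=")
    return name.strip().lower() == "v" and value.strip() == "DMARC1"

def classify(txt_records):
    """Map the TXT records published at _dmarc.<domain> to a policy bucket."""
    dmarc = [r for r in txt_records if is_dmarc(r)]
    if len(dmarc) != 1:  # no DMARC record, or several: receivers apply no policy
        return "no_dmarc"
    tags = parse_tags(dmarc[0])
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        # RFC 7489 sec. 6.6.3: an invalid p counts as "none" only if rua is set
        return "none" if tags.get("rua") else "no_dmarc"
    return policy

def fully_enforced(txt_records):
    """Assumed meaning of 'correctly implemented': p=reject applied to 100% of mail."""
    if classify(txt_records) != "reject":
        return False
    pct = parse_tags(next(r for r in txt_records if is_dmarc(r))).get("pct", "100")
    return pct.isdigit() and int(pct) == 100

SAMPLES = {  # constructed sample data, not from the survey: domain -> TXT records
    "insurer-a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@insurer-a.example"],
    "insurer-b.example": ["v=DMARC1; p=quarantine"],
    "insurer-c.example": ["v=DMARC1; p=none; rua=mailto:dmarc@insurer-c.example"],
    "insurer-d.example": ["v=spf1 -all"],                        # SPF only, no DMARC
    "insurer-e.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],  # duplicates
    "insurer-f.example": ["v=DMARC1; p=reject; pct=25"],         # partial rollout
    "insurer-g.example": ["v=DMARC1; p=rejct; rua=mailto:dmarc@insurer-g.example"],
}

def tally(samples):
    return Counter(classify(records) for records in samples.values())

if __name__ == "__main__":
    print(dict(tally(SAMPLES)))
```

The duplicate-record and misspelled-policy cases show how a domain can appear to publish "reject" while receivers apply no enforcement at all.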

 

Help Net Security reports: "Insurance Companies Neglect Basic Email Security"

Submitted by Anonymous on