US insurer Coalition has warned email security is critical to cyber risk management, after 56% of its claims last year stemmed from business email compromise or funds transfer fraud.

It says it clawed back more than $US38 million ($58.15 million) in fraudulent transfers last year, at an average of $US470,000 ($719,265) per claim.

“The email inbox has proven to be an easy place for an attacker to uncover payment information and potentially intervene in payment processes to steal funds,” Coalition Head of Global Claims Robert Jones said.

The insurer’s Cyber Claims Report says attackers use generative artificial intelligence tools to launch sophisticated raids, and phishing emails are becoming harder to detect.

Some firewalls and virtual private networks can increase the likelihood of a cyber incident if they have known vulnerabilities, according to Coalition, which found businesses with internet-exposed devices to be more likely to make a claim.

Coalition offers products in Australia, the US, Britain and Canada. Its policyholders can receive automated cyber alerts and access expert advice and global third-party risk management tools through the Coalition Control platform.

See the report here.