The study, by data security company Mimecast, discovered that 45 per cent of companies with cyber insurance were not aware of whether their policy would pay out in the event of a social engineering attack, which often involves collecting personal information to figure out how to approach somebody in a manner that means they won't cotton on to the fraud until it is too late.
Meanwhile, only one in ten businesses with insurance felt certain that their policy was fully up to date and would cover them in the event of a social engineering attack, and two-thirds (64 per cent) of companies confessed that they didn't have cyber insurance to begin with.
Despite this, two out of three (65 per cent) companies reported that the number of targeted phishing attacks levelled at their firm had increased, while 67 per cent had seen an increase in the number of whaling attacks, where employees are tricked into making fraudulent transactions on behalf of the chief executive.
"While insurers often pay for clean-up fees after a breach, it is important that organisations check that their policies protect them if an employee is tricked into sending a large amount of money to a fraudulent account," warned Steven Malone, director of security product management at Mimecast. "Attacks where employees are tricked into sending personal data or intellectual property are even less likely to be fully covered."
Research released earlier this year by Digitalis Reputation discovered that only half (51 per cent) of business leaders had changed their privacy settings on websites such as Facebook and just a quarter (24 per cent) regularly checked what personal information could be easily found through a quick search, leaving them, and their company, vulnerable to social engineering attacks.