
Phishing Attack Compromises Employee Email Accounts at Patterson-Schwartz & Associates, Raising Cyber Insurance Concerns
In May 2025, Patterson-Schwartz & Associates, Inc. (PSA), a Delaware-based real estate company, fell victim to a phishing attack that compromised two employee email accounts on May 14 and May 29. The company promptly secured the compromised accounts and initiated an incident response, including notifying affected individuals. However, the incident has raised questions about the adequacy of PSA's cyber insurance coverage.

Phishing attacks remain a significant threat vector in the cybersecurity landscape. These attacks typically involve deceptive emails designed to trick recipients into revealing sensitive information or downloading malicious software. In this case, the compromise of email accounts could lead to data exfiltration, further attacks, and potential reputational damage. The incident underscores the importance of robust email security measures, including multi-factor authentication (MFA) and regular security awareness training for employees.

PSA's response to the incident appears to have been swift and comprehensive. Securing the compromised accounts and notifying affected individuals are critical steps in mitigating the impact of a data breach. However, the incident highlights the need for organizations to regularly review and update their cyber insurance policies to ensure adequate coverage for various types of cyber incidents. Cyber insurance is designed to help organizations mitigate the financial risks associated with data breaches and other cyber incidents, but gaps in coverage can leave organizations vulnerable.

The broader implications of this incident for the cybersecurity landscape are significant. Phishing attacks continue to be a prevalent threat, and organizations must remain vigilant in their efforts to protect against them. This includes implementing technical controls such as MFA and email filtering, as well as conducting regular security awareness training for employees. Additionally, organizations should ensure that their incident response plans are up-to-date and that they have comprehensive cyber insurance coverage in place.

From an expert perspective, organizations can take several steps to enhance their cybersecurity posture and mitigate the risks associated with phishing attacks. First, implementing MFA can significantly reduce the risk of unauthorized access to email accounts. Second, regular security awareness training can help employees recognize and avoid phishing attempts. Third, organizations should regularly review and update their cyber insurance policies to ensure adequate coverage for various types of cyber incidents. Finally, having a well-defined incident response plan can help organizations quickly and effectively respond to security breaches, minimizing their impact.