News | Social Engineering Losses and Insurance
The latest cyber risk causing significant losses to businesses is social engineering.
A social engineering loss is one whereby a party, through the use of deception, manipulates another party into divulging confidential or personal information that may be used for fraudulent purposes.
An example of this is where a company employee is tricked into transferring funds into a fraudster’s account, under direction from what is assumed to be a vendor, client or one of the company’s supervisors. The fraudster will usually send an email claiming to be one of the above-listed people and will then ask the email’s recipient to change banking details where company funds are currently being transferred.
On the surface, these types of fraudulent emails appear to be authentic, with all of the correct company information and logos being displayed. Only careful inspection of the email and the account details listed within the communication will reveal the scam. However, unsuspecting and trusting employees have already unwittingly cost their companies millions of dollars by actioning the instructions of these emails.
Don’t Assume it is Covered by Your Insurance
Contrary to what a lot of business owners think, losses incurred through this particular type of scam aren’t always covered under traditional insurance policies including cyber and crime policies.
There have been a number of cases where Insurers have rejected claims made by businesses that have fallen victim to this particular type of social engineering because the loss did not result from “direct fraud”.
As a general rule, insurance policies providing cover for fraudulent behaviour only apply if a fraudster directly penetrates the company’s systems and illegally accesses the businesses money without consent. However given a social engineering loss occurs with knowledge and consent, albeit via fraudulent methods, insurance policies may contain exclusions in relation to such voluntary parting of funds or property.
Alternatively, they may contain outright social engineering exclusions.
We, therefore, recommend that insureds assume there is no cover unless specifically specified and that you contact Perrymans on 08 8362 7127 to discuss how to protect yourself or your company from this risk.
It still surprises us the number of Professional Indemnity risks we see where the...Read more