Social Engineering

With very early policies, cyber insurers wrestled with the type of cover that would be most useful. This led to a number of providers adding small elements of cyber cover to commercial combined policies, but it is important to understand the significant limitations of this sort of cover. It can be limited not just by an inadequate sum insured but also by massive inadequacies in the kinds of events covered. This is also true of some of the basic cyber policies on the market today. In order to offer lower premiums, cyber insurers can exclude losses due to crime, and this includes social engineering. At a time when at least 3.4 billion fake emails are sent each day, this omission could be catastrophic for an organisation. Impersonation fraud increased by 30% within the first 100 days of COVID.

In social engineering attacks, cyber criminals often imitate a third party, such as a supplier, in order to trick the victim. The aim can be to infect a system with malware by sending a fake invoice or, more and more frequently, to fool victims into sending money to the wrong bank account through a last-minute change of payment instructions. So-called ‘CEO fraud’ is also proving to be extremely lucrative for cyber criminals. This is where they impersonate the CEO of a company (or another senior staff member) and, once again, request that money be transferred into a criminal’s account.

It is critical when choosing a cyber insurer to be aware that not all cyber insurance policies include cover for these types of losses.

Video Credit – Hiscox
