AdvisorSmith

Social Engineering Fraud Coverage

If you’ve ever received a phishing email from someone claiming you have an unpaid bill, then you have experienced social engineering fraud firsthand. Businesses are constantly bombarded with social engineering attacks, and it takes only one employee falling for a scam for a cybercriminal to get their hands on sensitive data, money, and more. With SEF coverage, however, you can mitigate your loss risk and protect your business in a worst-case scenario.

What is social engineering fraud?

Social engineering fraud (SEF) is a type of fraud that involves using social interactions and human psychology to manipulate a victim into divulging or giving access to confidential information, transferring funds, or other compromising activity.

In a social engineering attack, the attacker attempts to win the trust of the victim. This can be accomplished through a variety of means but most often involves posing as a trusted individual, like a business partner, vendor, customer, or colleague. Social engineering attacks are most commonly carried out via email, but they can also be done through phone, text, or even fax.

Social engineering fraud has become much more sophisticated in recent years. Hackers may go to extreme lengths to understand the ins and outs of your organization, leveraging this knowledge to more successfully execute their attack. They may target new hires, pose as employees who they know are on vacation, or impersonate a vendor they know you have an outstanding bill with. Even if an attacker is unsuccessful on a first attempt, they can use any information they gained to more successfully target another employee in the company.

The following are a few common types of social engineering attacks:

What is social engineering fraud coverage?

Social engineering fraud coverage is a type of insurance coverage that protects against financial losses stemming from social engineering fraud schemes, including the impersonation of a vendor, supplier, executive, or client. 

Typically, these losses are the result of an employee being tricked into transferring funds to the attacker or an employee being duped into granting access to an attacker who then transfers funds out of your company.

Social engineering fraud coverage is relatively new, and as cyber threats and social engineering scams continue to evolve, so too does the coverage. There is no standardized social engineering fraud coverage—some insurers provide the coverage as additional endorsements that can be added to a commercial crime or cyber policy, while others already include the coverage in their primary policies. Limits vary as well, with some insurers setting lower sublimits for social engineering fraud (e.g., $100,000), while others allow full-limit coverage up to the limit of the primary policy (e.g., $1 million on a crime policy).

Because there is such variation in SEF coverage within the industry, it may be best for you to speak with an insurance agent or broker about their SEF coverage and what they can offer you. In the next few sections, we’ll outline some of the more confusing parts of social engineering fraud coverage, and we’ll call out things you should watch out for when looking to purchase this coverage.

Cyber Insurance vs. Commercial Crime Insurance

Social engineering fraud coverage is typically not a standalone insurance coverage and is more commonly coupled with a commercial crime or cyber insurance policy. Much of the industry has historically associated SEF coverage with a crime policy, given that in many cases, SEF is used to steal or illegally wire funds to the attacker. More and more, however, social engineering fraud has been used to gain access to confidential data or systems, leading to other forms of cybercrime, like cyberextortion.

Depending on the insurer, SEF coverage may already be included within a crime or cyber policy, or the insurer may offer an SEF endorsement to your crime or cyber coverage. Coverage varies widely, and it may be confusing to see SEF coverage offered under a cyber policy versus a crime policy. They may not cover the same types of losses, so it’s important to examine the policy to fully understand exactly what is covered.

Social engineering fraud coverage offered under a crime policy may only cover loss of funds and not losses that result from a loss or breach of data. The opposite may be true for SEF coverage offered under a cyber policy. It’s possible that in order to be fully protected from social engineering fraud, you’ll need coverage under both a crime and cyber policy.

It all depends on the insurer, though. So make sure you fully understand your policy’s coverages before you sign on the dotted line.

Tips for Purchasing Social Engineering Fraud Coverage

Coverage for social engineering fraud varies widely between insurers, so it’s important to take note of a few things when comparing policies:

Best Practices to Manage Social Engineering Fraud

Even without insurance coverage, there are a number of actions your business can take to protect against social engineering fraud schemes. Here are a few simple steps you can take to lower your risk:

Final Word

Social engineering fraud is a real risk for every business, large or small. With SEF scams, attackers rely on being able to dupe an employee into divulging confidential information or wiring money. In order to protect your business, you need to make sure that your employees are well trained in recognizing SEF attempts and implement basic cybersecurity measures. Additionally, purchasing social engineering fraud coverage, along with cyber and crime insurance, can give you a financial safety net in a disaster scenario.