Social engineering fraud (SEF) insurance coverage is a financial safeguard for organizations that lose money because an employee fell for a social engineering scam. This specialized coverage addresses losses resulting from the good-faith transfer of money, securities, or other assets, triggered by fraudulent instructions from an individual falsely claiming to be a legitimate vendor, client, supplier, or authorized employee.
Given the persistent targeting of businesses by fraudsters, organizations may find themselves vulnerable despite implementing robust security measures. In instances where criminals successfully manipulate well-intentioned employees into transferring substantial sums of money, social engineering fraud coverage plays a crucial role in mitigating the financial impact of such losses on the organization.
What is Social Engineering Fraud?
Social Engineering Fraud, or SEF, involves the use of psychological tactics to manipulate individuals into divulging sensitive information or persuading them to undertake actions they wouldn’t ordinarily perform. This can manifest as the unauthorized disclosure of confidential information for fraudulent purposes or the transfer of funds to an account controlled by a fraudster.
Fraudsters systematically seek vulnerabilities within organizations, employing various tactics to manipulate their targets. These strategies encompass phishing schemes distributed through email and social media, as well as deceptive telephone calls (vishing) and text messaging (smishing). Social engineering fraud is a pervasive issue that impacts organizations uniformly, irrespective of their size—be it small, medium, or large—and industry sector.
Examples of Social Engineering Fraud Losses
- The front desk staff of an organization answers a call from a fraudster claiming to be calling from the IT department about a technical issue. After the staff member downloads the file the imposter sent to ‘diagnose’ the problem, the organization’s database is hit by a malware attack.
- A scammer, pretending to be the Chief Financial Officer of a company, sends an email to the CEO’s assistant, urging a $155,000 wire transfer to a new foreign vendor bank account. The assistant realizes they have been deceived five hours after completing the wire transfer.
How widespread is the issue?
As indicated by a Barracuda cybersecurity solutions report in July 2021, the average organization faces more than 700 social engineering attacks each year.
The report highlights that CEOs are frequent targets, with fraudsters attempting to exploit them around 57 times annually. Given their comprehensive access to company information and systems, CEOs become particularly vulnerable to social engineering attacks.
In the FBI’s Internet Crime Complaint Center (IC3) annual report for 2021, a staggering 847,376 complaints related to suspected cybercrime were received, resulting in reported losses totaling $6.9 billion.
Where to obtain Social Engineering Fraud coverage?
Social engineering fraud insurance is typically not a standalone policy. Some insurers may automatically include limited SEF coverage within a crime or cyber insurance policy. However, in most cases, policyholders add SEF coverage as an extension to a cyber or commercial crime insurance policy. When reviewing your policy for SEF coverage, carefully examine the wording, as it might be listed under a different name, such as “fraudulent instruction coverage.” Note that SEF insurance may not automatically cover all situations; the policy wording specifies what is and isn’t covered.
Cyber insurance policies provide financial protection against losses resulting from data breaches and other cybersecurity issues. Some cyber insurance policies also offer extensions for social engineering fraud.
Commercial Crime Insurance
Commercial crime insurance falls under property insurance and covers losses incurred by commercial organizations due to damage, destruction, or disappearance of their property resulting directly from criminal activities, such as theft, fraud, or embezzlement.
Which insurance policy to choose for SEF coverage?
Determining whether a cyber insurance policy, a commercial crime insurance policy, or a combination of both is the right choice depends on the terms, conditions, and pricing offered by insurers to your organization. When seeking insurance coverage, check your commercial crime or cyber insurance policy for a distinct insuring clause specifically covering social engineering fraud. The extent of coverage will differ among insurers.
In most cases, the sublimit for this insuring clause falls within the range of $10,000 to $250,000. The sublimit sets a cap on the maximum coverage available for social engineering fraud.
As SEF coverage is sublimited and can vary between insurers, it may be beneficial to consider obtaining coverage under both a cyber and a commercial crime policy to ensure broader overall protection. Coordination of coverage between both types of policies could be advantageous.
Application Checklist for Social Engineering Fraud Coverage
When applying for social engineering fraud (SEF) coverage, insurance companies will assess your organization’s risk. Anticipate a SEF-specific application form containing questions about your experience with SEF and your policies and procedures. Consider the following checklist:
Supervisor Review of Vendor/Supplier Record Changes
- Does your organization mandate supervisor confirmation and verification for all changes to supplier/vendor details?
Employee Training on Social Engineering Fraud
- Do you conduct training sessions for employees to keep them informed about the latest trends in social engineering and cyber fraud?
- Is training provided to all employees, not just those in sensitive positions?
Learning from Previous SEF Experience – Phishing, Smishing, Vishing
- Have you or your employees previously fallen victim to social engineering fraud?
- Have identified weaknesses been addressed, such as following email links without sender verification or divulging confidential information?
- What has the organization learned, and what preventive measures are now in place?
Procedures for Verifying New Customers, Vendors, Suppliers, and Account Changes
- Are there controls in place for verifying new customers, vendors, and suppliers’ bank and contact information?
Procedures for Verifying Fund or Securities Transfer Instructions
- Is there a mandatory verification protocol to ensure checks and verification before making payments?
Fraudsters adapt to technological advances, constantly seeking new methods of financial fraud. Even before buying Social Engineering Fraud coverage, it is crucial to verify information received by email and to confirm the identity of the sender, even if the email appears to be from a trusted vendor, supplier, or employee.
Additional Options to Consider
Business Owners Insurance (BOP)
Providing comprehensive coverage, BOP is designed to safeguard your business against various risks, including property damage, liability, and business interruption. It offers a holistic approach to business protection.
General Liability Insurance
Essential for trucking operations, general liability insurance covers bodily injury, property damage, and related liabilities. It shields your business from legal and financial risks associated with accidents or incidents involving your vehicles.
Commercial Umbrella Insurance
Offering an additional layer of liability protection beyond primary coverage limits, commercial umbrella insurance acts as a supplementary safeguard against catastrophic losses. It provides heightened security for unforeseen events.
Workers Compensation Insurance
Addressing the well-being of your workforce, workers compensation insurance ensures coverage for medical expenses and lost wages in the event of work-related injuries or illnesses. It is a crucial component for businesses with employees.
Errors & Omissions Insurance
Specifically tailored for professional services and advice, errors and omissions insurance shields your business from legal claims related to professional negligence or mistakes. It is vital for businesses offering specialized services.
Social Engineering Insurance FAQs
What Is an Example of a Social Engineering Claim?
An example of a social engineering claim is when an employee receives a phishing email that appears to be from a trusted source, like a company executive, asking them to transfer funds to a fraudulent account. If the employee complies and the funds are lost, the organization may file a claim for the financial loss under its cyber insurance policy.
What Is a Social Engineering Policy?
A social engineering policy is insurance coverage that protects businesses from losses incurred due to social engineering attacks. This includes fraud schemes where attackers manipulate individuals into divulging confidential information or transferring money. The policy typically covers financial losses directly resulting from such scams.
What Is the Most Common Example of Social Engineering?
The most common example of social engineering is phishing. This involves attackers sending deceptive emails or messages that appear legitimate to trick individuals into revealing sensitive information, such as passwords or financial details. Phishing can lead to unauthorized access to accounts, data breaches, and financial losses for both individuals and organizations.