Robert Gaylord

Protecting Your Business Against Social Engineering Fraud: Cyber or Crime Policy?

Social engineering fraud is one of the fastest-growing threats businesses face today. While many assume these risks are covered under standard cyber insurance policies, the reality is more nuanced. Understanding the distinctions between cyber and crime policies can help businesses better safeguard against costly losses caused by these sophisticated scams.



What is Social Engineering Fraud?

Social engineering fraud involves manipulating, influencing, or deceiving employees into transferring money or sensitive information to a fraudster. These schemes often involve bad actors posing as trusted vendors, clients, or even coworkers.


For example, a manufacturer recently received an email from a supplier with updated wire instructions for an anticipated payment. Trusting the sender, the company processed the payment—only to discover later that the instructions had been falsified by hackers. The money, which amounted to hundreds of thousands of dollars, was unrecoverable.


This type of fraud is becoming increasingly common. According to the 2023 Verizon Data Breach Investigations Report, 74% of all data breaches involve human error or misjudgment. Social engineering attacks via email have more than doubled since 2020, targeting businesses of all sizes and industries.


How Can Businesses Protect Themselves?

Strong internal controls are the first line of defense. Businesses should implement processes like verifying changes to bank account details with predetermined contacts, providing employees with phishing awareness training, and using multi-factor authentication (MFA).


Even with robust security measures, no system is foolproof. That’s where insurance coverage comes in—but not all policies provide the same level of protection.


Cyber or Crime Policy: Which Is the Right Fit?

While cyber insurance is a natural starting point for digital threats, it’s important to understand that not all cyber policies automatically cover social engineering fraud. Many cyber policies include “eCrime” insuring clauses, but these often come with low sublimits—typically around $250,000—making them insufficient for larger-scale fraud losses.

In contrast, crime policies generally offer higher limits for social engineering fraud, computer fraud, and funds transfer fraud. Crime policies can be tailored to better address the financial risks associated with these attacks, often making them a more appropriate solution for businesses handling significant monetary transfers.


Coordinating Crime and Cyber Policies

For optimal protection, many businesses benefit from having both crime and cyber policies in place. When coordinated effectively, these policies can complement each other, minimizing out-of-pocket costs and maximizing coverage.


The key is ensuring the policies are aligned through a single broker who can add manuscript language acknowledging the other policy. In the event of a claim, the policy with the lower deductible typically acts as the primary payer, while the secondary policy provides excess coverage.


Questions to Assess Your Business's Risk

To ensure comprehensive coverage, start by evaluating your current practices. Consider the following:

  • Does your business regularly send or receive wire or ACH payments?

  • How are payment instructions handled, and what controls are in place to verify changes?

  • What is the average volume and size of transactions?

  • Are employees trained to recognize phishing and social engineering attempts?

  • Do you have layered security protocols, such as MFA and endpoint detection and response?


Answering these questions can help identify potential vulnerabilities and determine the most appropriate coverage for your business.


Why Choose Gaylord Insurance?

At Gaylord Insurance, we specialize in helping businesses mitigate risks like social engineering fraud through expertly tailored insurance solutions. Whether you need a standalone crime policy, enhanced cyber coverage, or a coordinated combination of the two, our team has the knowledge and partnerships to protect your business effectively.


With the rise of AI-driven scams and increasingly sophisticated fraud tactics, there’s never been a more critical time to ensure your business is prepared. Contact Gaylord Insurance today to learn more about protecting your organization against social engineering fraud and other emerging risks.


References:

  1. Verizon Data Breach Investigations Report, 2023

  2. IBM X-Force Threat Intelligence Index, 2023



