Truths & Myths — Cyber Insurance for Social Engineering Fraud
I’ve heard it more frequently over the past few weeks, “cyber liability insurance doesn’t cover anything.” That statement is usually followed by a story about someone who had a cyber claim that wasn’t covered. A majority of the time, these stories involve social engineering fraud. According to Interpol, social engineering fraud is “a broad term that refers to the scams used by criminals to trick, deceive and manipulate their victims into giving out confidential information and funds.” While listening to these conversations, I’ve heard many different statements that weren’t true so I thought I’d share with you some of the truths and myths of social engineering fraud insurance coverage.
- You can’t get coverage for social engineering fraud — This is 100% false, there are dozens of carriers who will offer this coverage on either a cyber liability policy or a commercial crime policy.
- Your business doesn’t have exposure to social engineering fraud — Every business has exposure to this type of incident and we’ve seen claims paid in almost every industry.
- If you have a cyber liability insurance policy, you’re covered — Most cyber liability policies exclude this coverage either in the exclusions or in the conditions of the policy.
- Social engineering fraud is better covered on a cyber liability policy than a commercial crime policy — Some will debate this but I strongly believe that social engineering looks, feels, and tastes like a cyber incident and should be covered on a form intended to protect you from cyber incidents. What if you need computer forensics coverage after the business email compromise which triggered the social engineering fraud incident? Your commercial crime policy won’t provide that coverage but your cyber liability policy will.
- Social engineering fraud coverage is not an expensive coverage to secure — Depending on the size of your company, coverage can cost between $100 and $5,000 to secure but most endorsements are less than $1,000.
- There are plenty of cyber carriers who will offer this coverage — Every good cyber carrier offers this coverage if your carrier doesn’t there are likely other significant issues with your coverage.
If you’d like more information on social engineering fraud coverage or have questions about your current cyber liability policy, feel free to e-mail us at info@BrushKC.com.
Do you like to write about your infosec knowledge, skills, opinions, or exploits?
Publish your original research, tutorials, articles, or other written content on Cybray's blog to be seen by thousands of infosec readers daily!