It’s 11.30am on a Monday morning. Suddenly your mobile rings loudly. It’s Lydia, a very worried manager of a local design firm.
“Someone has stolen all our money,” she shouts. “Please tell me we are insured!”
Eventually she calms down, and slowly you uncover what has happened.
The previous Friday, Lydia had been congratulating herself about how much cash she had collected that week, when she received an email that appeared to be from her bank asking her to update her security details. Being busy, she had quickly responded to the email, but when she checked the company’s bank balance on the Monday morning, all £30,000 of the newly collected money had disappeared.
Lydia and her company had been scammed. They were victims of a classic phishing attack or social engineering fraud.
“Yes, social engineering fraud is covered under your cyber insurance.”
“Yes, social engineering fraud is covered under your crime insurance.”
“Yes, social engineering fraud is covered under both your crime and cyber insurance.”
“I don’t know.”
“You don’t buy either cyber or crime insurance. I am afraid you are not insured.”
If it’s one of the last two, Lydia is going to remain unhappy. If she’s lucky, her bank may reimburse the company for the fraud, but depending on its nature it may not.
A lot of businesses, charities, clubs and associations do not purchase crime insurance, often because they don’t believe their employees will steal their money. Even when it is purchased, a standard crime policy usually will not respond to a fraud like this one. At the same time, cyber insurance policies will cover cyber extortion losses, but often not social engineering fraud.
We worked on this at one of my recent cyber insurance workshops and were happy with our pretty Venn diagram, but concerned that many clients may not be aware they have no insurance.
Some crime insurers may extend cover to include social engineering fraud (usually with a sub-limit and for an additional premium). A cyber insurance policy may also cover social engineering fraud, so the policies can overlap, but more often there will be a gap or no insurance at all.
According to this BBC article in 2016 global social engineering fraud totalled nearly $1 billion. Often we don’t get tricked, but the fraudsters are clever and can sometimes catch us unawares when we are busy, just like Lydia.
For a commercial insurance broker in 2017 it’s a risk many of our clients may choose not to insure, but it seems it is no longer a risk that they or we can ignore. What are your thoughts?