Cybercrime Business Insurance: Is your Business protected against Cyber Attack Scams?

February 25, 2019

Social Engineering: Are you protected against these types of scams?

As businesses have become increasingly dependent upon technology, criminals have shifted from theft of physical assets to theft of electronic information. The growing use of technology-enabled processes exposes businesses to all types of cybercrime. Cybercrime can include theft of personal, financial and medical information and theft of intellectual property. It can threaten processes ranging from point-of-sale purchases by debit/credit card in a retail environment, to ATM transactions in the banking environment, to e-commerce or online sales, to electronic business communications.

In reaction to cybercrime, and to comply with regulations imposed by Gramm-Leach-Bliley, HIPAA and similar laws, the highly targeted financial and health & wellness industries have implemented technical security measures. As a result, many cyber criminals are shifting focus away from purely technological attacks and are increasingly attacking employees through “social engineering”: techniques used to manipulate people into performing acts or divulging confidential information. Social engineering is not a new concept. A “social engineer” is nothing more than a con-man who swindles people by manipulating them into disclosing passwords or bank information, granting access to their computers, or performing a function that benefits the con-man. According to the FBI, from October 2013 to May 2018 there was a reported $2.9 billion in monetary losses through this type of scam.


Some policies may include some cyber-related coverage or crime coverage, but coverage for damages resulting from “social engineering” schemes is not included. Some cyber policies may extend to include this type of act at an additional premium, but it is not included automatically. Likewise, traditional crime policies do not extend to cover damages from “social engineering,” as the “criminal act” has to be a direct result of actions of the criminal. In situations of “social engineering,” the victim (claimant) voluntarily provides the criminal with information that the criminal uses to his/her financial advantage, or the victim has been manipulated into unknowingly transferring money or company products to the criminal’s account or address. “Social engineering” always involves an innocent and deceived accomplice.

Filling in the Insurance Gaps:

There is some good news: Subject to the specific terms of coverage within the policy, there are Cyber policies and Crime policies that will expand to address schemes arising from the impersonation of vendors, executives and clients. Combined with strong internal controls, employee awareness and training, this coverage enables companies to better protect themselves against financial hardship.