Protection from Social Engineering Fraud

Topics: Cyber Liability

Summary: Social engineering fraud is on the rise. Learn how typical commercial crime and cyber liability coverage do not individually cover the risks of social engineering scams, but by combining the two coverages, insureds protect their business from the damages caused by these attacks.

How Can Small Businesses Stay Protected from Social Engineering Fraud?

Commercial crime insurance policies cover direct loss from fraud or theft. Cyber insurance covers indirect losses and costs for the failure of technology, forensic investigation, privacy monitory and data recreation when personal identifiable information (PII) is breached. While these coverages may seem somewhat unrelated, new types of scams using computers or wire transfers blur the lines between commercial crime and cyber risk resulting in financial loss without a data breach.

Aaron Basilus, SVP of Cyber at AmTrust Financial and Melissa Schwartz, Commercial Crime Product Manager at AmTrust EXEC, explained how companies could keep themselves protected from social engineering risks by having well-rounded insurance coverage in a recent Risk and Insurance article.

What is Social Engineering Fraud?

Social engineering is the act of deceiving or manipulating someone into exposing confidential, business or personal information that could be used for fraudulent purposes. A majority of these types of attacks are aimed at small and medium-sized businesses. Social engineering attackers use a variety of techniques to carry out their scams, including:
  • Phishing Emails
  • Spear Phishing
  • Baiting
  • Spoof Websites
  • Caller ID Spoofing
  • Zoom Attacks

amtrust cyber insurance banner

Cybersecurity and Commercial Crime Risks

Social engineering scams have two characteristics that disqualify them for coverage under traditional crime or cyber policies:
  • The absence of direct theft: Employees are tricked into willingly transferring large sums of money. This loss doesn’t fit the usual definition of employee dishonesty, computer fraud or fund transfer fraud in most crime policies.
  • Lack of data breach: The attacks do not target a company’s systems or result in a data breach and are therefore not usually covered by a cyber liability policy.
However, Basilus explains that social engineering fraud can have some shared traits to traditional crime and cyber incidents, saying, “They are very similar exposures in the sense that an inadvertent error could always give rise to a potential loss. And at the same time, you have third parties actively trying to subvert whatever security measures you have in place, exploiting any weaknesses that might exist within your overall security framework but also vulnerabilities of human nature.”

Benefits of Working with One Carrier for Commercial Crime and Cyber Liability Coverage

Insurance carriers have different lines of attack towards social engineering risks. Melissa Schwartz shared, “In the U.S., most cyber and crime markets have decided to cap the losses from social engineering schemes via sublimited coverage. But insurers have varying degrees of comfort with this risk, and the limits and language differ from one carrier to the next. It’s far from a unified approach.”

Working with a single carrier who offers both types of coverage will help close coverage gaps due to social engineering fraud exposures. Cyber and commercial crime policy underwriters will take a holistic view of the insured’s risks to determine what policies will meet those needs. Plus, working with a single carrier will streamline the claims process.

Basilius describes this further by saying, “When you work with one carrier, you also gain the full breadth of their expertise. At AmTrust, we’re thoughtful and deliberate about the business we write. We know our clients’ business and serve the industries and market segments where we have experience and expertise.”

Schwartz adds, “Both of our teams have the ultimate sign-off on what gets covered and what doesn’t. Because we can make those decisions ourselves, we can not only provide faster service for clients but more bespoke solutions.”

AmTrust Helps Protect Your Small Business

AmTrust specializes in providing insurance solutions for small businesses across a wide variety of industries. Our cyber insurance offers various services to address the modern-day risks and threats of business identity theft and data breach. The monoline Commercial Crime product from AmTrust EXEC covers loss from employees and some third-party theft, including social engineering fraud. For more information about small business insurance solutions from AmTrust, contact us today.

This material is for informational purposes only and is not legal or business advice. Neither AmTrust Financial Services, Inc. nor any of its subsidiaries or affiliates represents or warrants that the information contained herein is appropriate or suitable for any specific business or legal purpose. Readers seeking resolution of specific questions should consult their business and/or legal advisors. Coverages may vary by location. Contact your local RSM for more information.

Time Zones