Cyber Crime vs. Social Engineering - Are You Covered?
There has been a rise in Social Engineering losses in recent years, and we have seen too many companies find out after the fact that they didn't have the appropriate coverage. Coverage for Fund Transfer Fraud and Social Engineering can be obtained on both Crime and Cyber policies depending on your carrier and class of business, and you'll want to make sure you're covered from both angles.
Fund Transfer Fraud or Social Engineering – What is the difference?
- Fund Transfer Fraud in general, this is where a malicious system attack or "hack" allows an attacker to use a target's banking information to transfer funds. A hacker breaches your system, steals your user name and password, and transfers funds away from your bank. By the time you figure it out the funds are long gone.
- Social Engineering is often where someone is targeted by a "phishing" scheme and voluntarily gives away funds to a perceived third party. This type of activity is not covered by a Fund Transfer Fraud.
Think about it this way: Fund Transfer Fraud involves a malicious hack - Social Engineering tricks targets into transferring their own funds.
When it comes to coverage, you'll find that each insurance carrier has a different appetite on what they offer insureds. Most good Crime forms will offer the Fraudulent Fund Transfer coverage as an optional coverage, but many will only offer the Social Engineering coverage with a small sub-limit (and only for certain classes of business). Good Cyber carriers may offer the Social Engineering coverage, but not on all classes of business.
Social Engineering claims are happening every day to small non-profits to large sophisticated companies. Be very cautious when wiring funds! Be aware of the differences in these coverages and speak with your Marshall & Sterling representative if you have questions about your specific policy or needs.