Social Engineering Attacks: Are They Covered Under Cyber Insurance?

Social Engineering Attacks: Are They Covered Under Cyber Insurance?Being covered against cyber attacks in 2018 is a necessity for many businesses. In insuring against cyber threats, it’s important to know the difference between cyber crime and social engineering attacks. One is more easily covered than the other. With 60 percent of companies in 2016 experiencing some form of social engineering attack, according to SC Magazine, it’s important to pay attention to how cyber crime is rapidly changing. Out of the 60 percent who were attacked, over 65 percent of those people said that their data had been compromised. Considering there was a landmark case saying that insurance companies aren’t required to cover social engineering attacks, it’s imperative to stay up to date with how these issues will affect insurance coverage.

Understanding the Coverage

As of right now, social engineering attacks fall under a gray area that is unfortunately not covered by cyber insurance. That means that businesses will have to get social engineering attack coverage through their cyber insurance broker, or assess if their commercial crime insurance can cover them. While Fund Transfer Frauds, also known as hacks, are covered under every cyber insurance policy, social engineering attacks are not the same thing. These things are actually considered a third party phishing scheme, meaning the company often voluntarily gives money, unknowing that they are part of a scam. 

Read Between The Lines

So long story short: if a business accidentally gives money out to a scam, its insurance company doesn’t hold liability to cover it, unless their policy specifically includes social engineering coverage. The reasoning for this is because while social engineering attacks are scams that rely on misinformation, because money or information is technically given voluntarily in these cases, many insurers do not consider them to be breaches. Because of this, it’s important to make sure that businesses are well aware of what their coverage includes, and that they know about all of their coverage options rather than just the standard cyber liability policy.

What Businesses Can Do to Stay Protected

It’s important to be prepared in the event of a social engineering attack, and passing this information on to your clients will help them to reduce their risk of attack. The first step they should take is contacting a cyber insurance broker to make sure that they have the proper coverage. Insurance companies do offer coverage, even if it’s at a small sub-limit. Underwriters can be prepared by making sure that insureds have the right checks and balances to note and effectively deal with social engineering attacks. In addition to equipping themselves with a comprehensive insurance policy, businesses should also implement regular training that helps assist employees in identifying fraud.

About Mavon Insurance

At Mavon Insurance, we pride ourselves on our unique approach to insurance. We focus on integrity, communication, professionalism, respect and gratitude to help our clients succeed and place business in specialized markets. For more information about our products, or to become an agent, contact us today at (877) 426-2866.