Insurers Get Serious About Social Engineering Attacks Citing a Lack of Awareness as the Problem



With specific endorsements to protect against social engineering scams, insurers are realizing where the true risk lies in cyberattacks and making recommendations on how to mitigate it.

Take the following cybercrime scenario and see if you think it should be insured:

A phishing attack is made in which the cybercriminal uses social engineering techniques to convince an internal employee to process a fraudulent transaction, such as transferring funds to a cybercriminal-owned bank account.

From an insurer’s perspective, do you think this counts as a cyber attack? Fraud?

The challenge here is that the entire fraudulent action was done (and consented to) by a trusted employee; the cybercriminal didn’t actually perform the malicious act.

So, for organizations with traditional cyber insurance products in place, the assumption is that losses from all types of attacks – including social engineering – will be covered by their crime/fidelity policy. But in cases like the one mentioned above, no “direct” fraud is deemed to have taken place by the insurance company (the employee did it, not the scammer).

In many cases, even crime/fidelity policies contain exclusions, including social engineering, that cause claims to be denied. To ensure proper coverage, organizations should look at purchasing an endorsement to their crime/fidelity policy that provides coverage specifically for social engineering claims.

Additionally, to avoid these kinds of claims (whether paid or denied), organizations need to leverage Security Awareness Training. According to Steve Crystal, head of financial crime at Sedgwick, “Placing emphasis on awareness by an organization’s leadership team is vital – education for all colleagues [focusing] on what to look out for is fundamental. It’s incumbent on each of us to work in a way that protects against risks and threats - and setting that tone from the top is key.”

Marsh’s Cyber Catalyst program helps organizations identify cybersecurity solutions that will have a material impact on their ability to manage cyber risk. Only 17 solutions were selected in 2019, with KnowBe4’s Security Awareness Training and Simulated Phishing Platform receiving the designation.

Insurers are becoming very selective about whether claims are denied or paid based on the specific circumstances. The onus is now on organizations both to strengthen their security stance with meaningful impact and to ensure they have the correct insurance endorsements to protect themselves from social engineering attacks, as well as any other type of cyber attack.

