The differences between cyber and crime insurance are not well-understood by many. You may find yourself asking a professional of cybersecurity, “Are social engineering attacks covered under insurance?”
It is possible for coverage of both fund transfer fraud and social engineering fraud to be obtained through both crime insurance and cyber insurance. However, this will depend on your carrier and class of business. It typically takes a specialist to understand the nuances of insurance coverage and to obtain the right policy.
Increasingly, companies are falling victim to social engineering fraud and realizing too late that they didn’t have proper coverage. They’re also failing to realize the right coverage was available in the market. That’s why understanding the differences between cyber and crime insurance is so important—and that’s where we can help. At ProWriters, our experts are well-versed in this evolving landscape and can help you obtain the right coverage.
What Is the Difference Between Cyber Crime and Social Engineering Fraud?
- Cyber Crime—Fund Transfer Fraud (Traditionally found on a Crime / Bond)
Fund transfer fraud involves a malicious system attack or hack that enables the attacker to use banking information to transfer funds. This often involves a hacker attacking a network and stealing usernames and passwords. The hacker then uses that information to transfer funds out of a target bank account. In most cases, by the time the victim realizes what has happened, the funds have already disappeared.
- Social Engineering Fraud (Deception / Fraudulent Instruction / Impersonation)
Social engineering fraud involves a party impersonating an individual or company through fraudulent emails (phishing) to deceive you into giving away private information or funds via wire transfer. This is often called ‘voluntary parting of title’ and is not covered by a Fund Transfer Fraud insurance agreement. These social engineering attacks are often referred to as ‘Business Email Compromise’ or ‘BEC’ scams.
In short, fund transfer fraud involves a malicious hack. In contrast, social engineering crime happens when the insured is tricked into transferring funds.
Social engineering attacks and subsequent claims happen every day and affect everything from small nonprofits to large, sophisticated companies. A recent attack on Ubiquiti Networks, a technology and communications company, is an example of this trend. The company was a victim of a social engineering attack that cost Ubiquiti Networks more than $47 million. The right coverage can minimize the damage from an attack like this.
The coverages that are offered will vary amongst the available insurance carriers. Most forms of crime insurance will offer the option of fraudulent fund transfer coverage. That said, when social engineering fraud coverage is offered, it’s usually with a small sub-limit and restricted to certain classes of business. Additionally, some carriers will offer coverage for client funds, not just your own operational funds. This can be very important for certain classes of business.
Take banks for example. They may have their crime coverage within a market that can’t offer a social engineering fraud sub-limit. Even if both cyber and crime markets can offer crime coverage, there may be important differences which is why you must carefully review coverage. This includes attachment points, coverage triggers, different definitions, and different claims handlers managing the claim.
It’s important to be aware of the differences between cyber and crime insurance. Social engineering fraud claims are rapidly expanding and while the coverage in the market is limited, it should still be offered.
ProWriters Can Help
Anyone can offer you a quick quote or claim to be an expert. That’s why it’s crucial to make sure you are going to a legitimate expert like the specialists at ProWriters. They can explain these exposures and coverages in detail. You can even ask our trusted experts of cybersecurity, “Are social engineering attacks covered under insurance?” A ProWriters expert can help you obtain the best possible coverage for your organization.
Brian Thorton, President of ProWriters, has extensive experience in cyber insurance. Over the course of his career in the industry, he has:
- Trained underwriters, brokers, and agents.
- Developed cyber underwriting manuals and rating guides.
- Written cyber insurance policy forms.
- Been a regular speaker at cyber risk conferences.
- Launched a Cyber Managing General Agent (MGA).
- Built close relationships with all of the top cyber markets and service providers.
- Designed customized cyber programs for many agents and groups.
Cyber crime and social engineering fraud coverages are complex—but they don’t have to be. See what a cyber expert can do for you and contact ProWriters today!