It’s 11.30 am on a Monday morning - suddenly your mobile rings loudly –it’s a very worried manager of a local design firm - Lydia. 

“Someone has stolen all our money ” she shouts, “Please tell me we are insured!”

Eventually she calms down, and slowly you uncover what has happened.

The previous Friday, Lydia had been congratulating herself about how much cash she had collected that week, when she received an email from her bank asking her to update her security details. Being busy, she had quickly responded to the email, but when she checked the company’s bank balance on the Monday morning all £30,000 of the newly collected money had disappeared!

Lydia and her company had been scammed they were a victim of a classic phishing attack or social engineering fraud.

So what’s your answer to her question?

  • “Yes, social engineering fraud is covered under your cyber insurance.”
  • “Yes, social engineering fraud is covered under your crime insurance.”
  • “Yes social engineering fraud is covered under both your crime and cyber insurance.”
  • “I don’t know.”
  • “You don’t buy either cyber or crime insurance I am afraid you are not insured.”

If it’s the last two Lydia is going to remain unhappy. If she is lucky, her bank may reimburse the company for the fraud but depending on its nature they may not.

A lot of businesses, charities, clubs and associations do not purchase crime insurance often because they don’t believe their employees will steal their money.  Even when it is purchased, a standard crime policy usually will not respond to a fraud like this one. At the same time cyber insurance policies will cover cyber extortion losses but often not social engineering fraud.

 We worked on this at one of my recent cyber insurance workshops and were happy with our pretty Venn diagram but concerned that many clients may not be aware they have no insurance.

 Some crime insurers may extend cover to include social engineering fraud (usually with a sub limit and for an additional premium).  A cyber insurance policy may also cover social engineering fraud so the policies can overlap but more often there will be a gap or no insurance at all.

 According to this BBC article in 2016 global social engineering fraud totalled nearly $1 billion.  Often we don’t get tricked but the fraudsters are clever and can sometimes catch us unawares when we are busy – just like Lydia.

I think for a commercial broker in 2017 it’s a risk our clients may choose not to insure but it’s not a risk that they or we can ignore – what do you think?

Posted by Neil Park March 21, 2017