JLT Specialty (JLT) has launched a Crime and Social Engineering (CASE) insurance policy a due to a rise in businesses increasingly asking about the availability of coverage for social engineering fraud.
As with the growth of cyber-attacks, social engineering fraud impacts businesses globally with neither size nor sector acting as a guarantee of protection. It involves fraudsters persuading employees to make significant payments, working around internal controls and processes.
By posing as clients, services providers, vendors, suppliers, and other trusted parties – even from within the same company – any company can be tricked into making a significant payment. It only takes one bad decision or human error to open businesses up to this type of fraud.
Social engineering attacks can also take advantage of IT security by encouraging employees to download malicious software (malware) that will allow them access to a firm’s IT systems. Common tactics include persuading employees to reveal confidential information such as company bank details and passwords or other insider details that will then assist them in seeming more credible for the next planned attack.
Whilst the publicly reported cases of large losses are infrequent, it is not that unusual. With businesses estimating typical losses as a result of fraud at 5 per cent of revenues, insurers look to protect their own exposure to social engineering fraud by excluding, restricting or sub-limiting within standard commercial crime policies. JLT’s CASE coverage, backed by a panel of insurers, offers:
Affirmative and broad coverage for social engineering events;
All risks Crime coverage, including:
- Theft of assets
- Social engineering
- Extortion; and
- Criminal damage
- Cover for new acquisitions, reducing the need for companies to be involved in administration; and
- Limits respond to each crime, there is no annual limit on cover.
JLT Specialty senior partner Kurt Rothmann said: “As with cyber, social engineering attacks are a global issue and one which is a growing threat for companies of all sizes, from multinational firms to local traders.
“In the past criminals have focussed on committing fraud through IT systems, but as a result of technology becoming more sophisticated, staff have found themselves increasingly targeted.
“With all employees only being one email away from a fraudster, a significant breach is not a question of if, but when.
“While cover for social engineering fraud has not been a core purchase for risk managers to date, we’ve seen the uptake for this insurance cover rise as successful scams become increasingly commonplace, despite robust controls and procedures.”