The current climate has created an ideal “phishing season” for cyber criminals. They don’t need a license or a tackle box to try to take advantage of many people’s natural trusting nature. Exploiting this trust is easier than hacking your software, so trickery attempts have become commonplace.
According to Crowdstrike’s 2021 Global Threat Report (subscription required), bad actors prey on emotions, and the pandemic has provided plenty of bait:
Social Engineering Fraud (a.k.a. Fraudulent Instruction) involves a bad actor posing as a high-ranking executive, vendor, or client and using email (phishing) to trick an employee into releasing confidential information, money, or other property.
There are other types of social engineering, but the common thread among all of them is the human factor. These increasingly sophisticated attacks are hitting all organizations, large and small.
Social Engineering Fraud coverage can be found under both Cyber and Crime insurance policies. Since this important coverage is often sublimited, it is a good strategy to add the coverage to not one, but both policies to build up to sufficient limits.
While Social Engineering Fraud has skyrocketed in recent years in both frequency and severity, this activity is typically excluded on Cyber and Crime policies unless the Social Engineering Fraud insuring agreement is purchased.
With the hardening insurance market and high claims, carriers are scrutinizing all risks and requiring more information to underwrite the policies. Limits/sublimits are restricted, deductibles/retentions are increased, all while the rates are on the rise. Now, more than ever, it’s important to have strong controls in place.
If you couldn’t answer “yes” to all of these, it’s good to know that most of these preventative tactics are easy to implement. Add these to your security “to-do” list to put your organization in the best position for insurance pricing, terms, and conditions.
(Sources: 2021 CrowdStrike Global Threat Report)
Note: This communication is for informational purposes only. Although every reasonable effort is made to present current and accurate information, Oswald makes no guarantees of any kind and cannot be held liable for any outdated or incorrect information. View our communications policy.