Protecting Your Business from Cybercrime

March 9, 2023

Gone are the days of writing physical checks and handing them off to a known banker for deposit or putting them in the mail for payment to a personal contact. Now, nearly all transactions are completed electronically without conversation between the parties involved. While convenient, this can leave you at risk of falling victim to cybercrime.

When discussing cybercrime, "cyber" refers to the theft of data and "crime" to the theft of money. When these two thefts intersect, they can result in the most prevalent cybercrimes, which are invoice manipulation and social engineering fraud.

In recent years, we have seen a sharp increase in cybercrimes. In 2021, the FBI’s Internet Crime Complaint Center (IC3) reported a record number of complaints with potential losses exceeding $6.9 billion. It is important that you understand some common tricks used by fraudsters, know what to look out for and how to protect your company.

Invoice Manipulation involves the distribution of funds based on a fraudulent invoice or payment instruction received as the result of a security failure.

  • Example: An email is received from a vendor with an invoice including new banking information. The employee, believing the email came from the vendor, updates the banking information and pays the invoice based on the new information. It was later discovered that the person making the request was a fraudster and funds were sent to the wrong account.
  • How to protect your company: Physically verify the request by calling the vendor before making the change. Use the contact information on file, as fraudsters will often provide a contact number that rings back to them.

Social Engineering occurs when a fraudster tricks an employee into sending the fraudster money by impersonating a client, vendor or other employee through fraudulent instruction. This impersonation is also referred to as phishing.

  • Example: An employee receives an email asking about the status of a payment and replies to the email. Unknown to the employee, the email came from a fraudster using an email address similar to their client's.
  • How to protect your company: Be vigilant with all emails. If an email is received from a client that doesn’t follow their normal cadence, be sure to closely examine the email for slight variations in the address.
  • Example: An employee may receive a call from the CEO requesting $10,000 be wired to ABC Company immediately. The employee, believing it is the CEO making the request, releases the funds.
  • How to protect your company: Before making the transfer, pick up the phone and call the person that made the request. It is better to question the request than release $10,000 to a fraudster.
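The check for "slight variations in the address" can also be automated at the mail gateway or in an accounts-payable workflow. The following Python sketch is an added example, not part of the original article; the known-domain list, the substitution table and the sample addresses are constructed assumptions.

```python
import unicodedata
from email.utils import parseaddr

# Constructed allow-list: domains of clients and vendors already on file (assumption).
KNOWN_DOMAINS = {"abccompany.com", "example-vendor.com"}

# Digit-for-letter swaps commonly seen in look-alike domains (illustrative, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def skeleton(domain):
    """Fold a domain to a comparison form: lowercase, no accents, common swaps undone."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(c for c in d if not unicodedata.combining(c))
    return d.translate(SWAPS).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, known=KNOWN_DOMAINS, max_distance=2):
    """Return ('known', domain), ('lookalike', imitated_domain) or ('unknown', None)."""
    address = parseaddr(from_header)[1]          # drops any display name
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain in known:
        return ("known", domain)
    for trusted in sorted(known):
        # Not on file, but visually close to a domain that is: hold for callback verification.
        if edit_distance(skeleton(domain), skeleton(trusted)) <= max_distance:
            return ("lookalike", trusted)
    return ("unknown", None)

if __name__ == "__main__":
    for sender in ("billing@abccompany.com",
                   "ABC Billing <billing@abcc0mpany.com>",
                   "billing@abccornpany.com",
                   "news@unrelated.org"):
        print(sender, "->", classify_sender(sender))
```

A "lookalike" result is a reason to hold the message and verify by phone using the number on file. A "known" result only means the domain matches, so it does not replace that verification.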

If a client does experience one of these events, coverage may be found through your Cyber and/or Crime policies. Most Cyber policies provide between a $100,000 and $250,000 sublimit for these coverages, while Crime policy limits are typically higher, with a stand-alone Crime policy providing the best overall coverage.

Make sure you have both policies in place to avoid a coverage gap, because having insurance is the best way to ensure your company remains on solid financial footing. However, there are also old-school ways of protecting the organization from cybercriminals.

Always verify any change requests by telephone with the number you have on file. Confirm all employees involved understand and follow this process.

Separate wire transfer responsibilities. At least three people should review and approve wire transfer requests, invoice payments or a change in a business partner’s bank account information. There should be one person to initiate and two people to verify, according to Chubb Insurance.

Confirm multi-factor authentication (MFA) is enabled for email, which will help prevent business email compromise.

Don’t be afraid to pick up the phone and verify any request for changes to banking information, client information or requests to transfer monies.

If you have questions about your crime or cyber policies, please get in touch with a member of the Oswald Executive Risk team. We can help determine your needs and navigate you through the process to ensure protection.

For more information, visit our Cyber Risk page or contact:

Rita Small
Client Manager, Specialty Risk
Oswald Companies





Note: This communication is for informational purposes only. Although every reasonable effort is made to present current and accurate information, Oswald makes no guarantees of any kind and cannot be held liable for any outdated or incorrect information. View our communications policy.