Why High-Growth Businesses Need Social Engineering Insurance
COO & Co-Founder
COO & Co-Founder
When we mention “cyber insurance” to most clients, they tend to immediately picture situations like the target or yahoo data breaches. They picture some mystery mastermind on the dark web scheming up an elaborate plan to crack firewalls and compromise networks.
While that clearly happens more than we’d all like, it’s not the only threat out there, and it probably shouldn’t be the focus of most funded startups’ concerns. In reality, there are 3 major data breach threats that any company faces:
We’re concerned with the 2nd type of cyber loss, particularly when an employee is induced & deceived into disclosing sensitive company or client information. This is called “Social Engineering,” and it has become a huge source of claims. In fact, over 55% of attacks are done via social engineering methods.
Why? Because it’s actually surprisingly easy to manipulate your employees. In a recent study done by social-engineer.org, 90% of people polled were willing to give their full name and email address without even verifying the asking person’s identity, and 67% would give even more sensitive data, such as birth dates or employee numbers.
There are several methods of social engineering that are seen frequently, including the following:
According to the FBI, from October 2013 to February 2016, more than 17,642 social engineering victims from across the U.S. were defrauded of almost $2.1 billion. “Victims range from large corporations to tech companies to small businesses to non-profit organizations,” and most social engineers target businesses with foreign suppliers or a high volume of wire transactions.
Social engineering insurance is not a standalone product, and sits in a spot right between crime insurance and cyber insurance. Insured companies originally looked to their crime policies for coverage under the “computer and funds transfer fraud” line item, but courts have been mixed on whether or not coverage was afforded here. Furthermore, crime policies never provide coverage for the theft or loss of data. Similarly, cyber insurance policies cover compromise of networks and theft or loss of data, but traditionally no coverage is afforded for the loss of funds (the main loss from a social engineering attack).
Fortunately, we work with several insurers that provide specific social engineering endorsements and remove exclusionary wording in tandem with cyber coverage to eliminate any doubt as to what is and is not covered by the policy. Given the rapid growth of fraud cases in this area – particularly those aimed at early stage companies – it is clear that social engineering insurance is becoming a crucial coverage for all companies.
Talk to us to learn more about how you can protect your company and business!
[vc_btn title=”GET A QUOTE” style=”outline-custom” outline_custom_color=”#ee2524″ outline_custom_hover_background=”#ee2524″ outline_custom_hover_text=”#ffffff” shape=”square” size=”lg” align=”center” link=”url:https%3A%2F%2Fapp.foundershield.com%2Fusers%2Fsign_up|||”]
PCI DSS compliance and cyber liability can seem confusing, but we break it down for you so you can keep your business booming.