Leading Insurer Adds Optional Cover for Social Engineering

Social Engineering

Social Engineering

Optional Cover for Social Engineering

Cyber specialist Emergence Insurance has enhanced its policy wording to cover social engineering.

Emergence has developed a new, optional section, Criminal Financial Loss, which offers cover for socially engineered thefts and cryptojacking. The new covers are in addition to cyber theft and telephone phreaking, which have long been part of Emergence’s offer.

Jeff Gonlin, Emergence’s Head of Underwriting and Product Development, says traditional cyber thefts target IT systems, but social engineering threats target individuals.

“Hacking humans is now big criminal business. People are the weakest link in the security chain,” he said.

Social engineering exploits people who are tricked into divulging sensitive information, transferring money to hackers’ accounts, or even providing access to corporate IT systems.

What is Social Engineering

Examples include business email compromise (BEC), phishing (using electronic communications to fraudulently obtain sensitive information) and baiting (using free offers to surrender login credentials). Fake invoices are another ploy, through which criminals insert themselves into the middle of transactions.

“A supplier’s invoice may look genuine and even represent a legitimate bill a victim is expecting, but doctored bank details mean the funds go to crooks instead of the intended recipient,” Jeff said. “We are seeing the dark side of psychology meeting technology.”

Jeff advocates a holistic approach to cyber security. “It’s not just about your IT, or your employees, it’s both, and how the two interact.”

Internal controls and cyber security training are part of the solution. “But even well-trained employees make innocent mistakes that can be costly,” Jeff said. “That’s where insurance comes into play.”

Brokers and their clients had sought the additional coverage because of the rise of social engineering attacks. The Australian Competition and Consumer Commission’s (ACCC) Scamwatch data shows BEC scam incidents increased 33% in 2018 and BEC accounted for 63% of business losses reported to ACCC.

The rapid rise of social engineering attacks has prompted ACCC to encourage businesses to immediately review processes for verifying and paying invoices.

“Social engineering scams can be sophisticated and many businesses only realise they’ve been caught when it’s too late,” Jeff said.

Digital currencies have spawned cryptojacking, where crooks hijack computers to mine digital currency. Those affected may experience substantial loss of computer performance, reduced battery power, and increased electricity costs. Emergence insureds can now protect themselves against the financial impact.

“Cryptojacking demonstrates the dynamic nature of cyber risks,” Jeff said. “It’s important for businesses to choose a cyber insurer whose cover keeps pace with the evolving threat landscape.”

Ways to Reduce the risk of Social Engineering

Risk management was the best weapon to protect against criminal financial fraud. Jeff said businesses should:
• Use two-factor authentication to secure all online accounts
• Consider the source – treat unsolicited emails with scepticism
• Slow down – consider procedures to deal with what appear to be urgent requests
• Train all staff in security awareness
• Set strong passwords for all devices and accounts
• Review processes, procedures and separation of duties for financial transfers
• Review, refine and test incident management and phishing reporting systems
• Patch frequently and install antivirus software.

While a cyber policy was part of every successful business’s risk management framework, it was not the first line of defence.

“Cyber insurance is designed to protect a business when its IT security, policies and procedures fail to stop an attack,” Jeff said. “But no amount of risk management can get you out of the sights of a determined cyber attacker.”

Emergence is a pioneer of cyber cover in Australia and provides protection for SMEs through to ASX-listed entities.

Source: Emergence Insurance

Compare Cyber Insurance

Cyber Insurance Comparison


Please note Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties Insure 247 Australia doesn’t warrants the accuracy of any information contained there in, readers should make their own enquiry’s before relying on information in the stories Terms of Service


Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on the inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.