What is Social Engineering?
Social engineering is the art of tricking individuals so they give up confidential information primarily through the use of the internet or email scamming schemes. Cyber criminals use a variety of ways to reach and manipulate their way into individuals and businesses networks and personal information. Examples of social engineering tactics are baiting schemes, e.g. cyber criminals may leave USB sticks infected with malware laying around a targeted company’s premises in the hopes that an unknown employee will plug it into a network computer. Once plugged in, the malware may infect the company’s entire network system.
Do Businesses need Social Engineering Insurance?
Even companies that conduct strict background screenings, employ fraud detection systems and implement strict internal control can be vulnerable to losses if a well-meaning employee is duped by a criminal posing as a supplier, new client or fellow employee. According to the Federal Bureau of Investigation, companies have paid $1.6 billion as a result of social engineering hacking attacks from 2013 – 2017. Additionally, companies pay an average annualized cost of $11.7 million to deal with and prevent cybercrimes. Unfortunately, despite enormous investments in technology and protective measures organizations big and small continue to make news about cyber security breaches at a click of about 27% increase each year.
What does Social Engineering Insurance Cover?
Social Engineering insurance provides added protection when strong controls still fall short. Coverage insures a range of social engineering fraud losses, including:
- vendor or supplier impersonation
- Executive impersonation
- Client impersonation