Cyber specialist Emergence Insurance has enhanced its policy wording to cover social engineering.
Emergence has developed a new, optional section, Criminal Financial Loss, which offers cover for socially engineered thefts and cryptojacking. The new covers are in addition to cyber theft and telephone phreaking, which have long been part of Emergence’s offer.
Jeff Gonlin, Emergence’s Head of Underwriting and Product Development, says traditional cyber thefts target IT systems, but social engineering threats target individuals.
“Hacking humans is now big criminal business. People are the weakest link in the security chain,” he said.
Social engineering exploits people who are tricked into divulging sensitive information, transferring money to hackers’ accounts, or even providing access to corporate IT systems.
Examples include business email compromise (BEC), phishing (using electronic communications to fraudulently obtain sensitive information) and baiting (using free offers to surrender login credentials). Fake invoices are another ploy, through which criminals insert themselves into the middle of transactions.
“A supplier’s invoice may look genuine and even represent a legitimate bill a victim is expecting, but doctored bank details mean the funds go to crooks instead of the intended recipient,” Jeff said. “We are seeing the dark side of psychology meeting technology.”
Jeff advocates a holistic approach to cyber security. “It’s not just about your IT, or your employees, it’s both, and how the two interact.”
Internal controls and cyber security training are part of the solution. “But even well-trained employees make innocent mistakes that can be costly,” Jeff said. “That’s where insurance comes into play.”
Brokers and their clients had sought the additional coverage because of the rise of social engineering attacks. The Australian Competition and Consumer Commission’s (ACCC) Scamwatch data shows BEC scam incidents increased 33% in 2018 and BEC accounted for 63% of business losses reported to ACCC.
The rapid rise of social engineering attacks has prompted ACCC to encourage businesses to immediately review processes for verifying and paying invoices.
“Social engineering scams can be sophisticated and many businesses only realise they’ve been caught when it’s too late,” Jeff said.
Digital currencies have spawned cryptojacking, where crooks hijack computers to mine digital currency. Those affected may experience substantial loss of computer performance, reduced battery power, and increased electricity costs. Emergence insureds can now protect themselves against the financial impact.
“Cryptojacking demonstrates the dynamic nature of cyber risks,” Jeff said. “It’s important for businesses to choose a cyber insurer whose cover keeps pace with the evolving threat landscape.”
Risk management is the best weapon to protect against criminal financial fraud. Jeff said businesses should:
• Use two-factor authentication to secure all online accounts
• Consider the source – treat unsolicited emails with scepticism
• Slow down – consider procedures to deal with what appear to be urgent requests
• Train all staff in security awareness
• Set strong passwords for all devices and accounts
• Review processes, procedures and separation of duties for financial transfers
• Review, refine and test incident management and phishing reporting systems
• Patch frequently and install antivirus software.
While a cyber policy was part of every successful business’s risk management framework, it was not the first line of defence.
“Cyber insurance is designed to protect a business when its IT security, policies and procedures fail to stop an attack,” Jeff said. “But no amount of risk management can get you out of the sights of a determined cyber attacker.”
Emergence is a pioneer of cyber cover in Australia and provides protection for SMEs through to ASX-listed entities.
Emergence has won the Insurance Business Cyber Product of the Year award in three of the last four years, including 2018, and has been nominated for its Underwriting Agency of the Year award.
You can obtain Emergence cyber quotations for clients by accessing the broker portal.
This blog is another cyber education initiative from Emergence.