Social engineering attacks are on the rise and can cost businesses thousands. For those less familiar with the term, it usually refers to hackers manipulating individuals into transferring funds to fraudulent accounts. Often times, this is done through seemingly credible emails from suppliers or even fellow employees. The problem, of course, is that the funds are supplied willingly, which can leave a grey area when it comes to a cyber insurance policy responding.

For example, in 2010, a Canadian company discovered that employees had made a series of wire transfers to a fraudulent account amounting to several hundred thousand dollars, some of which the company attempted to claim back from its cyber insurance provider in 2011. Recently, however, the Alberta Court of Queen’s Bench found that because the funds were transferred with the company's consent, the attack did not fall within the terms of their cyber insurance policy at the time.

Our underwriter’s policies contain explicit coverage designed to address the growing threat of social engineering.

A lot has changed since then, but we know that cyber policies still handle this area very inconsistently. With this in mind, we wanted to reassure you that our underwriter’s policies contain explicit coverage designed to address the growing threat of social engineering, providing protection against theft of funds even when the transfer is made with the insured’s consent. Cyber policies are quickly changing, and we're also committed to analyzing and comparing policies offered by different insureds frequently in an effort to stay one step ahead of today's quickly evolving cyber risks.

If you have any questions about this or any other aspects of our cyber cover, please feel free get in touch today.

Back to blog

Shared with permission from CFC Underwriting Ltd.