Fund Transfer Fraud & Social Engineering – What is the difference?
There is an overlap and GAP in coverage between Cyber Policies and Crime Policies. Coverage for Fund Transfer Fraud and Social Engineering can be obtained on both Crime / Bonds and Cyber policies depending on your carrier and class of business. There has been a rise in Social Engineering losses, and I have seen too many companies find out after the fact that they do not have any coverage, and that coverage was available in the market for this.
What is the Difference:
Fund Transfer Fraud (traditionally found on a Crime / Bond) is generally where a malicious system attack or hack allows the attacker to use the banking information to transfer funds. So a hacker gets into your system, steals your user name and password, and transfers funds out of your bank. By the time you figure it out the funds are long gone.
Social Engineering (aka Deception / Fraudulent Instruction / Impersonation) is generally where an Insured is targeted by a phishing scheme and voluntarily gives away funds to a perceived third party. This is often called “voluntary parting of title” and is not covered by a Fund Transfer Fraud insurance agreement.
Another way to think about this is that the Fund Transfer Fraud involves a malicious hack. Social Engineering is where the insured is tricked into transferring funds.
Social Engineering claims are happening every day to small non-profits to large sophisticated companies. Take for example Ubiquity Networks who was a victim of a $39M social engineering attack. These attacks are also called BEC scams or “Business Email Compromise” scams. Attached is an article describing how to spot a phishing email.
Each carrier has a very different appetite on what they will offer. Most good Crime forms will offer the Fraudulent Fund Transfer coverage as an optional coverage, but many will only offer the Social Engineering coverage with a small sub-limit and for certain classes of business. Good Cyber carriers may offer the Social Engineering coverage, but not on all classes of business. Banks, as an example, may have their crime coverage with a crime market that does not have the ability to offer a Social Engineering sub-limit. Even if both Cyber and Crime markets can offer the coverage, there may be different attachment points, coverage triggers, very different definitions, and different claims handlers managing the claim.
Be aware of the differences in these coverages. Social Engineering claims are rapidly expanding and the coverage in the market is limited, but should be offered.
- Trained underwriters, broker, and agents.
- Developed Cyber underwriting manuals
- Developed Cyber rating guides
- Written Cyber insurance policy forms
- Regular speaker at Cyber risk conferences
- Launched a Cyber MGA
- Close relationship with all the top Cyber markets and service providers
- Customized Cyber programs for many agents and groups.
DBA ProWriters Insurance Services LLC in CA