Social Engineering Fraud Risk

Cyber crime has become the top economic crime experienced by Australian organisations according to the 2016 PWC Global Economic Crime Survey.

Over the past 2 years, 65% of Australian organisations have experienced cybercrime, with 1 in 10 suffering losses in excess of $1,000,000. Economic crime remains a persistent threat to organisations in Australia, with an increasing focus on the digital and cyber landscapes.

Cyber threats continue to evolve at a rapid rate. Where we used to see hackers targeting the suppliers and third parties of large businesses to gain access to their target's network, we are now seeing a rise in direct attacks associated with the likes of ransomware and malware. In addition, businesses are experiencing an increase in cyber crime as spear-phishing and social engineering tactics become more advanced, targeting employees, who are seen as the weakest link, to gain entry.

Email scams are becoming increasingly sophisticated. In many cases, they piece together information from various sources, such as social media and intercepted correspondence, in order to appear convincing and trustworthy while perpetrating the fraud.

Cyber criminals are employing graphic designers to produce fake supplier invoices and setting up accounts teams to transact the fraudulent funds. A typical attack involves the hacker infiltrating a business's network and gaining access to supplier details. They then produce fake invoices that mirror genuine invoices and send them to the employees entrusted with paying such invoices. In most cases the employee is none the wiser and only discovers the error when the genuine supplier calls chasing up payment.

It is no surprise that due to the emerging nature of these risks and the significant potential for loss, stand-alone cyber policies generally do not extend to cover such exposures.

Whilst Management Liability policies may contain an element of crime cover, the most comprehensive coverage can be found within a Commercial Crime policy that extends to computer and funds transfer fraud. Matched with a quality Cyber insurance policy that can extend coverage to social engineering exposures (typically where the employee willingly pays the money), this gives the client access to a comprehensive insurance solution to add to their risk management armoury.


Industries such as financial services, the retail sector and health have been the early adopters of cyber risk management incorporating cyber insurance.

We are now seeing a shift beyond these industries to all business sectors, great and small.

There is no question that, no matter what industry you operate in and no matter what your size, if your business is reliant on technology such as computers or electronic devices, you are exposed to cyber threats.

At Nova we have seen an increased interest in professions such as:

  • Design and Construct (engineers, architects etc)
  • Insurance Brokers
  • Underwriting Agencies
  • Real Estate Agents

Just a few of the typical exposures within these industries include:

  • Ransomware attacks effectively shutting down your network till a ransom is paid
  • Computer viruses causing damage to and destroying data
  • Client and employee personal information being exposed via lost/stolen portable devices such as laptops, USB sticks and smart phones
  • Sensitive information contained within tender documents being accessed by competitors or released to the public
  • Critical designs being lost or damaged
  • Client/customer details being incorrectly attached to an email and sent out in a marketing campaign

This article was contributed by Rob Collyer, Underwriting Development Manager, Nova Underwriting.

Nova Underwriting offers a comprehensive cyber policy that can extend to social engineering exposures plus a commercial crime (incorporating computer funds transfer fraud) policy.