Cyber Insurance is becoming increasingly important in this digital age, and many insurers have excellent information available to help you understand the many threats out there. One insurer has warned that up to 90% of cyber breaches are caused by staff inadvertently clicking on links in emails and other innocent errors. How can employers stop Fred in Accounts clicking on a dodgy link in an email? It can happen in any business.
There's nothing social about social engineering fraud.
No matter what size your business is, if you transact online you are vulnerable to a cyber attack. If you would insure your house or your car, why wouldn't you insure your business against a digital fire? A cyber attack can be just as devastating on your business as a fire.
In the context of Cyber Insurance, Social Engineering Fraud means impersonation of an Insured Person by a third party.
The fraudster may seek to manipulate an Insured Person to issue an instruction to a financial institution to debit, pay, deliver or transfer money or securities from an account maintained by the Insured to a third party.
So do you know your Phreaking from your Phishing? Here's a little explainer to help you get your head around it. Please note that definitions may vary between insurers, so this is a general guide only.
Who is covered under a Cyber policy?
Under the terms of most policies, The Insured may be defined as an employee, director, officer or anyone who is authorised to transact on the Insured's behalf (ie: accounts personnel). Social Engineering Fraud cover is available via cyber insurance policies, sometimes as a built-in benefit, or as an optional extension on other business insurance policies.
Phishing means the fraudulent use of electronic communications or websites to impersonate the Insured, its products or services for the purpose of soliciting personal, confidential or commercial information about the customers or clients of the Insured. Targets may be contacted by email, telephone or text message by someone masquerading as a legitimate business to trick people into providing sensitive data such as personal information, banking and credit card details, and passwords. Read more about Phishing from the IT professionals' resource KnowBe4 here
Phreaking means the unauthorised and malicious use of the telephone system of the Insured which results in unauthorised charges which the Insured is legally liable to pay. Phreaks break into the telephone networks illegally, usually to make free long-distance phone calls or to tap phone lines. The term is now sometimes used to include anyone who breaks or tries to break the security of any network.
What kind of businesses are at risk?
Any business that transacts online, and these days who doesn't? If you operate an online store you are particularly vulnerable but even bricks & mortar businesses are fair game. Click here to see some case studies from our friends at Dual Australia. These are real life claims representing clinics, Real Estate agents, tradesmen, small family businesses, manufacturers and even insurance brokers! Nobody is exempt - it can happen to anyone.
Other cyber threats
Malware - logs your keystrokes, giving your banking and credit card details to the cyber criminals.
Ransomware - encrypts your data files while they are still on your computer, demands are made by criminals to make a significant payment in order to return access and unlock your files.
Data Breach - loss of sensitive/confidential data, exposing you to government imposed fines and/or legal action from clients or businesses whose information has been “leaked”.
Don't be like this guy - speak to Ceneta about how we can help protect your business with the right Cyber policy.
This article is not intended to be advice and you should not rely on it as a substitute for any form of advice. Please review your policy wording carefully and contact Ceneta for further information.
Ceneta Insurance Services
AR 332815 | Authorised Representative of PSC Connect Pty Ltd ABN 23 141 574 914 | AFS License No 344648
Call 1300 158 911