.jpg)
An award-winning cyber underwriter has updated its policy wording this week after brokers indicated a rise in the number of social engineering attacks and a reduction in providers willing to offer cover.
Emergence Insurance – which picked up the award for Australian Underwriting Agency of the Year at last week’s Insurance Business Awards – confirmed yesterday that is has developed a new section for criminal financial loss.
The optional addition provides specific cover for socially engineered thefts and cryptojacking – issues which are becoming increasingly prevalent.
Where traditional cyberattacks target IT systems, social engineering attacks target individuals – often tricking people into divulging sensitive information, transferring money to hackers’ accounts, or even providing access to corporate IT systems.
“Hacking humans is now big criminal business,” said Jeff Gonlin, head of underwriting and product development at Emergence. “People are the weakest link in the security chain.”
Examples of social engineering attacks include business email compromise (BEC), phishing (using electronic communications to fraudulently obtain sensitive information) and baiting (using free offers to surrender login credentials).
Fake invoices are another increasingly popular ploy, where criminals insert their own bank details into an invoice which appears legitimate at first glance.
“A supplier’s invoice may look genuine and even represent a legitimate bill a victim is expecting, but doctored bank details mean the funds go to crooks instead of the intended recipient,” said Gonlin.
Gerry Power, national head of cyber sales at Emergence, says the new policy wording has been five-months in the making and comes as other players in the market pull away from social engineering.
“The cover we’ve developed will be absolutely ideal for the market and I’ve been taking phone calls all morning from brokers saying thank god we’ve done it,” said Power.
According to Power, financial losses as a result of social engineering scams have typically been covered under management liability – but the market has been taking major hits of late.
“For a long time, there’s been cover for social engineering under the management liability sector of the insurance market, but those insurers have been getting absolutely destroyed by social engineering claims, so their prices are going up or they’re actually deleting the cover completely,” says Power.
“That was really the starting point because the market came to us, they told us there’s an area of cover here which is arguably cyber, and they asked us if we could come up with a solution.”
Of course, Power says coming up with a viable solution took significant time and effort as the underwriter had to devise an original strategy.
“Our challenge is, if the management liability market is getting hammered by these sorts of claims, then we can’t just mimic what the ML market does because we’ll end up in the same position in two or three years’ time,” Power told Insurance Business. “We need to be smarter in terms of how we underwrite it.”
While the new policy wording addresses the current problem of social engineering, Power says Emergence is also looking ahead as it anticipates changing market conditions.
“We expect the market will say it wants more cover so we’re already working on that in the background so we can figure out how we can build from here – of course, that will need a whole lot more underwriting rigour because as the cover goes up, the risk goes up,” he said.
