The kind of cyber coverage clients clamour for is more likely to take account of breaches achieved by way of manipulating unquestioning humans than by the Hollywood idea of hacking; these attacks are “low-hanging fruit,” says Mike Smith, broker and leader of Swett & Crawford’s Cyber Liability Practice, and he’s seeing more and more of them.
“When my buyers are looking for cyber coverage, one of the biggest aspects they’re asking me about is how do we cover the social engineering crime exposure?”
Phishing attacks provide an easy in for cyber-criminals looking to leverage human behaviour.
“People want to click on those emails and they hit their screens too quickly,” says Smith. “That’s your first reaction: you get an email and you want to look at it. So what I find is that a lot of people calling us, brokers calling us every week asking ‘can we get insurance on these phishing attacks?’ and it’s the crime coverage that we’re really taking about.”
In one recent case a would-be homebuyer unwittingly forwarded ill-gotten gains beyond the dreams of a Nigerian prince to a bank account that proved to be bogus.
“A cyber-criminal got inside a network -- either the escrow or real estate agency – and the day before the money had to be transferred by the buyer they got a phishing email telling them there was a new bank they had to send it to. So the homebuyer had $500,000 transferred out. This is what we’re seeing more and more, real serious financial loss.”
As for what the future holds, Smith says he sees more emphasis likely to be focussed on training employees, including C- suite personnel, in the dangers lurking in the digital landscape.
