Crime and Social Engineering Insurance

JLT Specialty’s Crime and Social Engineering (CASE) coverage addresses the growing exposure posed by social engineering. Traditional crime exposures such as fraud and dishonesty of employees are still very real risks businesses face however the emerging risk of social engineering is one that more and more companies are being targeted with.

Such an attack is targeted at an individual level with the intention of manipulating people to obtain confidential information, however some look to exploit IT security through encouraging individuals into downloading malicious software (malware) that will allow them access to your IT infrastructure. Many existing Crime policies do not cover this growing trend in losses and companies are finding that their policies fail when they’re needed the most. 

JLT Specialty’s CASE coverage addresses these with the following benefits for clients of JLT:

  • Affirmative and broad coverage for social engineering events – including any fraudulent communication from a third party source purporting to be genuine;
  • All risks Crime coverage for
    • Theft of assets
    • Social engineering
    • Extortion; and
    • Criminal damage
  • Few exclusions, removing many avenues of common coverage dispute – JLT CASE will be adapted to future claims trends;
  • Broad coverage for new ventures and acquisitions, reducing the need for administration during the year;
  • Limits respond to each loss, there is no aggregate cap on insurance – current trends have seen multiple losses in quick succession to large international companies – this coverage addresses that concern; and 
  • Caters for and protects against the new insurer remedies under the UK Insurance Act 2015.

Examples of social engineering

FACC

The head of Austrian aerospace parts maker FACC was sacked after the company was hit by a cyber fraud that cost the company USD 47 million. FACC, whosecustomers include Airbus and Boeing said it had been hit by a cyber fraud. The hoax email asked an employee to transfer money to an account for a fake acquisition project – a kind of scam known as “fake president acting”. FACC also fired its Chief Financial Officer after the event.

Crelan Bank 

Crelan Bank fell victim to a USD 75 million fraud known as a business email comprise. Details as to exactly what happened are scarce, it has been suggested that an email was sent to a financial employee or accountant purporting to be from the CEO requesting the urgent transfer of funds to a trusted partner of the company. Crelan Bank have reported the incident to law enforcement who are investigating.

Ubiquiti Networks

Ubiquiti Network has been defrauded of some USD 46 million by scammers who impersonated employees. Details are scarce but the fraud seems to have involved scammers spoofing communications from the firm in an effort to initiate unauthorised international wire transfers. Ubiquiti say’s it’s recovering $8.1 million of the heist and is trying to recover an additional $6.8 million through a legal challenge. Ubiquiti Networks are looking to improve their internal controls over financial reporting. 

For further information please contact Mike Parry on +44 (0)20 7459 5585 or email mike_parry@jltgroup.com or contact Kurt Rothmann on +44 (0)20 7528 4961 or email kurt_rothmann@jltgroup.com