As cyber scams become more widespread and sophisticated, social engineering fraud is quickly turning into one of the most popular way for a thief to rip-off a company using computers. Every franchise system should be asking itself and its franchisees “do we/you have insurance coverage to protect against these losses?” In most cases, the answer is No!
“Social Engineering Fraud” are schemes that mislead and deceive victims (typically a company employee) into transferring funds or divulging confidential information to a fraudster. The difference between social engineering theft techniques and other types of cyber attacks is that the victim voluntarily performs the acts of transferring the funds or providing the information. For example, a fraudster may send an email to someone in a human resource department posing as the company’s accountant and request social security numbers and tax information of employees. The unwitting HR employee does not think twice and quickly compiles the information and hits reply. In other cases, an employee in accounting is tricked into sending a payment to a “vendor” of the company which turns out to be a scammer.
Many companies incorrectly assume that these types of losses are covered under a standard cyber liability policy or crime policy. However, most crime and cyber policies require a computer hack or active invasion of a computer system by a criminal to trigger coverage under a policy. Insurance carriers argue that there was no “direct” fraud. This is becoming a huge gap in coverage for franchisors and franchisees as insurance carriers are denying coverage for these claims and winning coverage disputes.
All hope is not lost. Many insurance carriers offer endorsements to either a company’s crime policy and/or cyber policy for social engineering theft losses. The coverage under the endorsement is often sub-limited and may have a higher deductible but it is better than no coverage at all. Before a loss effects your system, franchisors should do the following:
Ensure that social engineering fraud coverage is clearly part of the franchise system’s crime or cyber policy.
Modify insurance requirements for franchisees to mandate coverage for social engineering fraud claims.
Keep in touch regularly with your broker and insurance counsel to make sure your insurance is covering new risks as they arise.
Educate your employees on spotting potential scams. Many brokers and insurance counsels even offer data security training for clients at reasonable rates. It is a good place to start.