Companies Are Facing New Types of Digital Theft. Here’s How They Can Better Protect Themselves
White Paper Summary
Crime risk is one of the most dangerous threats to small and mid-sized businesses. Theft can be committed by an employee or a third party outside the organization via traditional means — like employee-run check tampering and payroll schemes — or digitally, like third party phishing scams and other social engineering fraud.
Amid the COVID-19 pandemic, the risk of social engineering fraud may become even greater as more employees work remotely and the usual chains of communication with colleagues are disrupted. And schemers may look to take advantage of workers’ increased stress levels. Inundated with negative news and trying to balance work and life in the same space, anxious employees may be more likely to make mistakes.
Social engineering scams — also called business email compromise (BEC) or phishing — have been on the FBI’s radar for years and, despite being easily preventable, continue to rise in frequency and severity.
The FBI reported a 100% increase in identified global exposed losses stemming from social engineering schemes between May 2018 and June 2019. Between the summers of 2016 and 2019, this type of fraud caused $26 billion in global losses.
Sophisticated thieves, who take time to study a target’s chain of command, key vendors and suppliers, level of stringency surrounding accounting procedures, and methods and style of communication, can make off with millions in a single heist. And every type of organization has been targeted — public entities, nonprofits, small private companies and large financial institutions.
“Traditionally, though, crime risk has always been one of the biggest stressors for small- to medium-sized businesses in particular, because economically it’s just harder for them to take a hit,” said Helen Savaiano, President of Management Liability at The Hanover.
The increased frequency and severity of these schemes has given insurers pause. Here’s how the industry is responding to the ubiquity of social engineering fraud, what that means for insureds, and how they can better protect themselves with the right resources.
To learn more about The Hanover Insurance Group , please visit their website.