March 2026 Magazine - Flipbook - Page 21
INSURANCE
Prevention: Your First Line of Defense

The best defense against social engineering fraud is a multi-layered approach combining technology, policies, and employee awareness:

Verify all payment requests by phone.
Before processing any invoice payment or bank routing changes, require your employees to verify the request through a phone call to a known, pre-existing number. Never use contact information provided in a suspicious email.

Implement segregation of duties.
Require multiple people to review and approve wire transfer requests, with the initiator and two independent signatories all involved in the verification process.

Enable Multi-Factor Authentication (MFA).
This adds critical security layers beyond simple passwords, making it much harder for criminals to impersonate your employees or executives.

Train your team regularly.
Employees should understand that email can be intercepted, altered, and fabricated. Create a culture where verifying unusual requests is expected and encouraged, not seen as questioning authority.

The Role of Commercial Cyber Insurance

Even with strong prevention measures, no business is completely immune to social engineering attacks. This is where commercial cyber insurance becomes an essential part of your risk management strategy.

Cyber insurance policies specifically designed for businesses typically include coverage for social engineering fraud and funds transfer fraud. These policies can help your business recover financial losses when someone tricks it into transferring money to fraudulent accounts. Beyond direct financial recovery, cyber policies often provide access to forensic investigators, legal counsel, and crisis management professionals who can help your business respond effectively to an attack.

Additionally, many cyber insurance carriers offer risk management resources, including employee training programs and security assessments, to help prevent incidents before they occur. The cost of cyber insurance is typically far less than the average loss from a single successful social engineering attack, which can range from tens of thousands to millions of dollars.

Building a Security-Conscious Culture

Protecting your business from social engineering fraud requires more than just technology or insurance—it demands a cultural shift. Employees at every level should feel empowered to question unusual requests, verify information through independent channels, and report suspicious communications without fear of criticism.

Remember: criminals are counting on urgency, authority, and fear to bypass your logical thinking. By implementing verification procedures, training your team, and backing your defenses with appropriate cyber insurance coverage, you create multiple barriers that make your business a much harder target.
March 2026 | THE TEXAS SURVEYOR