Fool me once, shame on you. Fool me twice, shame on me. We’ve all heard that saying. But what about fool your company once? Well, shame on the cybercriminals, certainly, but it’s also a wake-up call for businesses everywhere.
There’s a new cyber scam on the rise, and it’s particularly damaging because it falls in a grey area between existing insurance coverage types and outside the legal framework, leaving you, the business, on the hook for losses that can run in excess of $100k.
Imagine this: your company gets a run-of-the-mill purchase order from an existing customer. You fill the order as normal and ship it out, missing one crucial detail: the shipping address has changed. This was not a normal, or even legitimate, order, but a falsified purchase order that rerouted goods away from their intended destination and into the hands of cybercriminals.
So, what’s the big deal? Because the target delivered the merchandise themselves, this type of incident is legally considered a “voluntary parting” rather than a theft, and property policies do not cover a voluntary parting. Although cyber policies typically do cover social engineering, that coverage is limited to incidents that occur in cyberspace, such as data breaches or the electronic transfer of funds/securities. Cyber policies do not cover merchandise or products.
What can you do? Businesses that are involved in the logistics chain of moving cargo should address this exposure with their risk management team. As a first line of defense, you will likely be advised to review and update social engineering training for all staff to prevent this breach from occurring in the first place. As a second line of defense, your risk management team will likely review your crime coverage, as these policies can often be endorsed to include third-party social engineering coverage for products/merchandise.