This One Cyber Insurance Myth Could Cost Your Business Thousands

Cyber Insuranc Myth

In an increasingly digital world, business owners are often left vulnerable to cyberattacks and scams. One of the most alarming revelations for many is that their cyber insurance may not cover losses if an employee is tricked into wiring funds to a scammer’s account. During a recent conversation with Eric Hammond at MIS Solutions, we delved into this critical issue, exploring how such scams happen and what preventive measures can be taken.

How These Scams Happen

A prevalent method scammers use is Business Email Compromise (BEC). Eric explains that this occurs in various forms, with phishing and spoofing attacks being the most common. He shares a real-life example of a business owner friend who fell victim to such an attack.

The business owner was undergoing renovations and had contracted a vendor, with payment milestones set along the project timeline. The owner received an email from the vendor requesting a progress payment, followed shortly by another email (appearing to be from the vendor) claiming a change in the banking details due to an update in their accounting system. Trusting the email, the business owner changed the account information and unwittingly wired $120,000 to the scammer’s account. Needless to say, the money was lost, and the business owner never recovered it.

Why Cyber Insurance Might Not Cover BEC Scams

The interviewer brings up a crucial question: Why wouldn’t an insurance company cover a loss if someone is scammed in this manner? Eric’s response is insightful. Standard cyber insurance policies typically only cover direct thefts, such as when a hacker breaks into a system and steals data or funds. However, losses due to social engineering—where an employee is tricked into transferring funds or divulging sensitive information—are often not included in these policies. To be protected in such scenarios, businesses need to have specific social engineering policies in place. These policies are designed to cover incidents where criminals manipulate employees into giving away assets or sensitive information.

Preventing Business Email Compromise

According to Eric, prevention begins with the people within the organization.

1. Security Awareness Training

Employees are the first line of defense against cyberattacks. It’s crucial to provide them with comprehensive training to recognize phishing attempts, spoofing emails, and other common tactics used by cybercriminals.

Administrative Controls

Beyond employee training, implementing robust administrative controls is essential. These controls are internal processes that help verify and legitimize any request for changes to banking information. Here’s how to effectively implement administrative controls:

Phone Verification

If your accounting team receives an email requesting a change in banking information, they should always verify this request by calling the vendor using the phone number on file, not the one provided in the suspicious email.

Two-step Verification

Have a policy in place that requires all wire transfers be verified by a manager and a designated approver.  Having an extra set of eyes on any transfers will lessen the likelihood of funds being funneled to a fraudster’s account.

By creating unique administrative controls tailored to the company’s specific needs, businesses can significantly reduce the risk of falling victim to such scams. These measures, while simple, can save companies considerable amounts of money and headaches.



Cyber insurance is a vital component of any business’s risk management strategy, but business owners must be aware of its limitations, especially in the context of social engineering attacks. By ensuring comprehensive coverage that includes social engineering policies and investing in employee training and robust administrative controls, businesses can better safeguard themselves against cyber scams.

At MIS Solutions, we partner with numerous insurance companies specializing in cyber insurance. If you’re interested in learning more about how to protect your business from cyber threats, feel free to reach out to us. We’ll be happy to provide you with more information and assist you in finding a reputable insurance agency that fits your needs.

Schedule a free 15-minute discovery call
We’ll discuss your IT requirements and assess whether we’re the right fit for you.


Liked the articles?

Well, there’s plenty more where that came from! Our incredible team is constantly on the lookout for the latest and greatest IT content to keep you informed about what’s cooking in the world of technology. Make sure you don’t miss out on our amazing content by subscribing to receive blog updates.

  • Remark: We will collect your information for marketing purposes. However, we respect your privacy rights. If you wish to access or amend any Personal Data we hold about you, or request that we delete any information about you that we have collected, please send us an email:
  • This field is for validation purposes and should be left unchanged.