Stay Protected in 2025: Update Your Cyber Incident Prevention and Coverage Strategies

With the cybersecurity awareness training many organizations require, most employees should know what a suspicious email looks like. Yet social engineering still accounts for 98% of all cyber-related attacks. Criminals take maximum advantage of social engineering tactics, costing organizations millions of dollars either directly or in subsequent damage from theft, malware, ransomware, reputational damage, service disruption, and other incidents.

To compound the problem, many organizations do not stay up-to-date on the insurance coverage needed to protect them from potentially catastrophic events. Because every organization has unique cybercrime risks, it’s necessary to seek cybercrime coverage that is heavily customized.

Know About the Latest Exposures and Coverages

Cybercrime is one of the most frequently discussed, but least understood, risks and insurance coverages. Claims-made insurance policies, whether crime (aka fidelity bond) or cyber policies, are often issued without critical coverage enhancements, leaving the insured organization with potential coverage gaps. Therefore, it’s crucial to obtain a comprehensive insurance review and terms and conditions that match your organization’s unique risks. This often extends to indirectly related coverages like errors and omissions (E&O) liability and even directors and officers (D&O) liability policies.

Depending on your organization’s needs, cyber, crime and E&O/D&O policies can be used to gain the broadest coverage possible.

Prevent Cyber Events from Occurring

While social engineering security threats continue to proliferate and become more advanced (including the use of AI to enhance the subterfuge), organizations can mitigate these risks by taking these proactive steps:

1. Train employees properly. Ensure employees know what to look for in a phishing email and how to spot other social engineering threats. Give employees clear policies on protecting sensitive information, password best practices, effective cyber security, and visitor management. Use up-to-date training and threat scenarios with scoring and feedback.
2. Document specific verification procedures for any wire/money transfers. Establish prearranged “call backs” or other verification procedures in contracts or service agreements with third parties, such as customers, clients and vendors. For example, a phone call to a specific person at the third party will help confirm banking and routing information that’s not on a particular invoice or email. The phone call should not involve any telephone number in a recently received email.
3. Implement procedures for responding to a scam. If an organization falls victim to a fraudulent transfer scam, it should act quickly and 1) ask its financial institution to contact the financial institution where the transfer was sent, 2) contact the local FBI field office to report the crime, and 3) file a complaint with the FBI’s Internet Crime Complaint Center.

Prevention Is the Best Medicine

Areas of cybercrime vulnerability can be addressed by audits that can help you understand the depth and breadth of your organization’s risk, as well as the sophistication of threats it faces and solutions to solve for them.

The time to address this insidious risk is now, before an event inevitably finds you and your organization. But if it does, a backup plan of having cyber insurance in place will help mitigate costs and significant impacts to your business.