https://www.insurerbrain.com/w/index.php?action=history&feed=atom&title=Definition%3ASocial_engineeringDefinition:Social engineering - Revision history2026-06-13T19:08:51ZRevision history for this page on the wikiMediaWiki 1.43.8https://www.insurerbrain.com/w/index.php?title=Definition:Social_engineering&diff=8252&oldid=prevPlumBot: Bot: Creating new article from JSON2026-03-10T13:53:23Z<p>Bot: Creating new article from JSON</p>
<p><b>New page</b></p><div>🎭 '''Social engineering''' in the insurance context refers to manipulative tactics — typically deception, impersonation, or psychological pressure — used to trick employees of an insured organization into transferring funds, divulging confidential information, or granting unauthorized system access. Unlike a brute-force [[Definition:Cyberattack | cyberattack]] that exploits technical vulnerabilities, social engineering targets human behavior: a convincing email from a "CEO" requesting an urgent wire transfer, a phone call from a fraudulent "vendor" updating bank details, or a spoofed message directing an employee to a credential-harvesting website. The rise of these schemes has created a distinct [[Definition:Risk | risk]] category that [[Definition:Underwriter | underwriters]] must evaluate separately from traditional [[Definition:Crime insurance | crime]] or [[Definition:Cyber insurance | cyber]] exposures.<br />
<br />
⚙️ From an underwriting standpoint, social engineering straddles the boundary between [[Definition:Computer fraud | computer fraud]], [[Definition:Funds transfer fraud | funds transfer fraud]], and employee dishonesty — none of which may explicitly cover voluntary transfers induced by deception under standard [[Definition:Commercial crime insurance | commercial crime]] policies. Courts have produced conflicting rulings on whether legacy [[Definition:Fidelity bond | fidelity bonds]] respond to social engineering losses, prompting insurers to develop dedicated [[Definition:Endorsement | endorsements]] or standalone [[Definition:Social engineering coverage | social engineering coverage]] sub-limits. During the underwriting process, carriers assess the applicant's internal controls — dual-authorization for wire transfers, callback verification procedures, and employee training programs — to gauge exposure and set appropriate [[Definition:Policy limit | limits]] and [[Definition:Premium | pricing]].<br />
<br />
🧠 The insurance industry's response to social engineering reflects a broader shift toward evaluating human-factor risk alongside technological vulnerability. [[Definition:Loss control | Loss control]] and [[Definition:Risk management | risk management]] services now routinely include phishing simulations and awareness campaigns as part of the value proposition tied to a [[Definition:Cyber insurance | cyber]] or crime program. For [[Definition:Broker | brokers]] advising commercial clients, understanding the nuances of social engineering coverage — including how it interacts with [[Definition:Cyber insurance | cyber]], crime, and [[Definition:Directors and officers liability insurance (D&O) | D&O]] policies — is essential to closing the gaps that attackers exploit.<br />
<br />
'''Related concepts'''<br />
{{Div col|colwidth=20em}}<br />
* [[Definition:Social engineering coverage]]<br />
* [[Definition:Social engineering fraud coverage]]<br />
* [[Definition:Cyber insurance]]<br />
* [[Definition:Commercial crime insurance]]<br />
* [[Definition:Funds transfer fraud]]<br />
* [[Definition:Phishing]]<br />
{{Div col end}}</div>PlumBot