
Tips to Protect Your Business Against the Proliferation of AI in Cybercrime
By Jim Barr, Vice President
As we’ve covered in the past, cyber threats are evolving at an alarming rate, and businesses are finding themselves vulnerable to increasingly sophisticated attacks.
Among the most insidious threats is social engineering — an advanced form of cybercrime that manipulates individuals into divulging sensitive information, bypassing even the most advanced security measures. As social engineering tactics become more refined, the need for businesses to understand their cyber insurance options has never been more critical.
Understanding Social Engineering Attacks
Social engineering relies on psychological manipulation, rather than technical hacking, to deceive employees into performing actions that compromise security. Common tactics include phishing, pretexting, baiting and quid pro quo scams.
For instance, a phishing attack may involve an email that appears to be from a trusted executive, urging an employee to wire funds to a fraudulent account. Similarly, attackers may impersonate IT personnel, tricking employees into revealing login credentials or downloading malicious software.
With the rise of artificial intelligence (AI), social engineering attacks have become even more sophisticated. So-called “deepfake” technology can create convincing voice or video messages, making it easier for criminals to impersonate executives and pressure employees into compliance.
As these techniques advance, businesses must remain vigilant and take proactive measures to safeguard their assets.
The Role of Cyber Insurance in Mitigating Social Engineering Risks
Cyber insurance has become an essential risk management tool for businesses seeking protection against cyber threats, including social engineering attacks. However, coverage for social engineering scams is not always straightforward. Many standard cyber insurance policies focus on data breaches, network security failures, and ransomware attacks, but they may not automatically cover losses resulting from social engineering fraud.
To address this gap, insurers now offer specialized social engineering fraud endorsements or separate policies. These cover financial losses from fraudulent wire transfers, employee manipulation, and other deceptive schemes. In many cases, carriers are now offering “cybercrime” policies that cover both social engineering and fraudulent fund transfer as part of a single policy offering.
However, coverage terms vary widely, and policyholders must carefully review exclusions, sub-limits, and conditions that insurers impose. For instance, some policies require businesses to implement multi-factor authentication or employee training programs as prerequisites for coverage.
By and large, the policies are surprisingly affordable. If you haven’t shopped your cyber coverage recently, now may be the time to see if you are getting the most complete cyber coverage at the most affordable premiums.
Best Practices for Businesses to Combat Social Engineering
While cyber insurance can help mitigate financial losses, businesses should also take proactive steps to prevent social engineering attacks in the first place. Key strategies include:
- Employee Training: Regularly educate employees about common social engineering tactics and how to recognize phishing attempts. Clearly articulate and document company policies and procedures.
- Multi-Factor Authentication (MFA): Implement MFA across all critical systems to reduce the risk of unauthorized access, and make participation mandatory across the company.
- Verification Protocols: Establish strict verification processes for financial transactions, such as requiring multiple approvals before wiring funds.
- Incident Response Plans: Develop and regularly update an incident response plan to ensure a swift and coordinated response to cyber incidents.
- Vendor Risk Management: Be sure to vet all third-party vendors and partners to ensure that they adhere to robust cybersecurity practices that meet your own company standards for protection.
- Consult Your Insurance Representative: Be sure to consult regularly with your insurance agent, and communicate the steps you are implementing as a business to (a) ensure compliance with insurance company standards and (b) see if you qualify for available discounts, exceptions and policy benefits.
The Future of Cyber Insurance and Social Engineering Risks
According to Dan Cook, Detective Sergeant of the Michigan Cyber Command Center (a division of the Michigan State Police), “Cyber crimes are increasing both in frequency and in sophistication. Not only are there more exploitable vulnerabilities than ever before, there are more cyber criminals than ever before. They are more active, more sophisticated, and working harder than ever to avoid detection.”
As cyber threats continue to evolve, insurers are adapting their policies to address emerging risks. Businesses should anticipate stricter underwriting requirements and increased scrutiny of cybersecurity measures. AI-driven social engineering attacks will likely push insurers to refine coverage definitions and exclusions, making it essential for policyholders to stay informed and proactive in their risk management efforts.
In 2025 and going forward, social engineering presents a growing threat to businesses, and cyber insurance is a valuable tool for mitigating financial exposure. However, insurance alone is not enough. Companies must invest in cybersecurity education, implement robust security protocols, and stay ahead of evolving threats to minimize their risk.
By combining preventive measures with comprehensive cyber insurance coverage, businesses can better protect themselves against the ever-growing danger of social engineering attacks.