Cybercrime has changed. In the past, hackers mostly used “digital lock-picks” to break into servers. Today, they often use “digital lies” to trick people. Social engineering and funds transfer fraud are two of the most dangerous threats facing New York businesses because they target humans, not just software.
Table of Contents
- Key Takeaways:
- What are social engineering and funds transfer fraud?
- Common Ways These Scams Start:
- How big is the threat of these cyber crimes for New York businesses?
- Why doesn't standard insurance always cover these losses?
- What are the benefits of a social engineering insurance policy?
- What steps can my business take to prevent these scams?
- Frequently Asked Questions (FAQs)
- Conclusion
Key Takeaways:
- AI is the New “Con Artist”: In 2026, cybercriminals are using advanced AI to create “deepfake” voices and emails that sound exactly like trusted bosses or vendors. You can no longer rely on just “good judgment” to spot a scam.
- Small Businesses are the Biggest Targets: Small companies are 350% more likely to be targeted by social engineering than large corporations because hackers assume they have weaker security.
- The “Voluntary Parting” Trap: Most standard insurance policies will not pay for a loss if an employee willingly sends money to a scammer. To be protected, your business needs a specific Social Engineering Endorsement.
- Verification is an Insurance Requirement: Many modern policies now require a “callback verification” process. This means your insurance claim could be denied if your staff doesn’t call a known, trusted number to confirm a wire transfer request before sending it.
- Human Error is the #1 Weak Point: Since 95% of successful attacks involve human error, the best defense is employee training and Multi-Factor Authentication (MFA). MFA alone can stop roughly 90% of account takeovers.
- A Single Scam Can Be Terminal: The average cost of a data breach has risen to $10.22 million in 2025/2026. Without proper insurance, 60% of small businesses close within six months of a major attack.
What are social engineering and funds transfer fraud?
Social engineering is a trick where a criminal manipulates someone into giving away secret information or money. Funds transfer fraud is the actual act of a criminal moving money out of your business bank account through a fake request. Both use deception to bypass your security and steal your hard-earned cash.
While they sound similar, they happen in different ways. In funds transfer fraud, a hacker might steal your bank login and move money themselves. In social engineering, the hacker might email an employee pretending to be the CEO, asking that employee to send a wire transfer to a “new vendor.” Because the employee “voluntarily” sent the money, it creates a unique problem for insurance.
Common Ways These Scams Start:
- Phishing: A fake email that looks real, designed to steal a password or install a virus.
- Pretexting: A long-term lie where the criminal builds trust with an employee over several weeks before asking for money.
- Vishing: Using a phone call or “voice phishing” to trick someone into revealing account details.
How big is the threat of these cyber crimes for New York businesses?
The threat of cyber fraud is at an all-time high, with total reported losses reaching $16.6 billion in 2024, which is a 33% increase from the year before. For businesses in New York, the risk is even higher because the average cost of a data breach in the United States hit $10.22 million in 2025.
Criminals are increasingly focusing on small and medium-sized businesses because they often have less security than giant corporations. In fact, small businesses are 350% more likely to be targeted by social engineering than large companies. Even more frightening, about 60% of small businesses close their doors permanently within six months of a major cyber attack because they cannot afford the recovery costs.
| Crime Category | Reported Losses (2024) | Description |
| Business Email Compromise (BEC) | $2.77 Billion | Criminals impersonating executives or vendors via email [^1.1]. |
| Phishing/Spoofing | $193,407 incidents | The most common way criminals start a con [^1.2]. |
| Investment Fraud | $6.57 Billion | Scams where people are tricked into “investing” money [^1.4]. |
Why doesn’t standard insurance always cover these losses?
Standard insurance policies often fail to cover social engineering because of a rule called “voluntary parting.” Most basic policies cover money that is stolen by a thief, but they may exclude money that an employee willingly sends to a criminal under false pretenses.
This is the most common insurance gap for businesses. If a hacker breaks into your computer and steals your bank password to move $50,000, your standard Cyber Liability policy might cover it. However, if that same criminal emails your accountant and tricks them into sending $50,000, the insurance company might say, “You sent the money on purpose, so we won’t pay.” This is why you need a specific Social Engineering Endorsement or specialized Crime Insurance.
Hypothetical Example: A New York construction company receives an email from what looks like their regular lumber supplier. The email says, “We have changed our bank; please send the next payment to this new account.” The company wires $100,000. Later, they find out the supplier’s email was hacked and the money is gone. Without a social engineering endorsement, the company’s standard insurance likely wouldn’t cover the $100,000 loss.
What are the benefits of a social engineering insurance policy?
A specialized insurance policy for social engineering and funds transfer fraud provides a financial safety net that covers the actual money lost during a scam. It also pays for forensic experts to investigate how the breach happened and legal teams to help you meet state laws regarding data protection.
These specialized policies can cover:
- The Missing Funds: Replacing the actual money that was wired or transferred to the fraudster.
- Deception Coverage: Protection for when an employee is tricked into sending money or goods (Social Engineering).
- Computer Fraud: Protection for when a criminal uses a computer to move funds without your permission.
- Vendor Impersonation: Specifically covering scams where a criminal pretends to be a trusted supplier.
With the rise of Artificial Intelligence (AI), these scams are becoming harder to spot. AI is now used in about 16% of breaches to create incredibly realistic “deepfake” voices or emails that sound exactly like your boss. Having the right insurance ensures that even if a very clever AI tricks your team, your business bank account is still protected.
What steps can my business take to prevent these scams?
Your business can prevent most social engineering scams by combining strong security tools with better employee habits. While insurance protects you after a loss, good habits can stop the loss from happening in the first place.
1. Verification Calls: Always call the person asking for money using a phone number you already have on file. Never use a phone number provided in a suspicious email. 2. Multi-Factor Authentication (MFA): Require a code from a cell phone app in addition to a password. MFA can stop up to 90% of account takeovers. 3. “Slow Down” Policies: Create a rule that no wire transfer can happen without two different people signing off on it. Criminals rely on urgency to make people skip steps. 4. Employee Training: Since 95% of successful attacks involve human error, training your staff to spot phishing emails is the best defense you have.
Frequently Asked Questions (FAQs)
Is social engineering the same as a ransomware attack?
No. Ransomware is when a criminal locks your computer files and asks for money to unlock them. Social engineering is a “con job” where they trick you into doing something, like wiring money or sharing a password. Both are types of cybercrime, but they require different insurance coverages.
Will my bank pay me back if I wire money to a scammer?
Usually, no. When you authorize a wire transfer, even if you were tricked, the bank has followed your instructions. Unlike credit card fraud, where you have strong protections, it is very difficult to get wire-transferred money back once it leaves your account.
Does my business need this if we don’t use wire transfers?
Yes. Social engineering isn’t just about wires. Scammers can trick you into sending gift cards, changing payroll direct deposit information for employees, or sending confidential tax data (W-2s) that can be used for identity theft.
What is a “sublimit” in an insurance policy?
A sublimit is a cap on how much the insurance company will pay for a specific type of claim. Many cyber policies have a $1 million total limit but might have a $50,000 sublimit for social engineering. This means if you lose $200,000 to a scam, the insurance only pays $50,000. It’s important to check your sublimits with your broker.
Conclusion
Social engineering and funds transfer fraud are the “unseen threats” because they hide behind the faces and voices of people you trust. For a New York business, the financial cost of a single tricked employee can be high enough to end the company. While technology gets better every day, the criminals are also getting smarter using AI and deepfakes. Investing in specialized insurance is the only way to ensure that a simple human mistake doesn’t lead to a total business failure.
Is your business bank account truly protected from a “voluntary” mistake?
Don’t leave your finances to chance. The experts at MKR Specialty Insurance in New York specialize in identifying the gaps in standard cyber policies. We will help you find the right social engineering and funds transfer fraud coverage to keep your business safe from digital con artists. Contact us today for a free cyber risk review and make sure your business has the shield it needs.
