At Stahlka Agency, we pride ourselves on being proactive partners to the businesses we serve. But I need to speak candidly, because there’s a serious threat hitting too close to home, and I’m deeply concerned.
We’ve seen an alarming spike in cyber-related claims, particularly involving phishing scams and social engineering. Smart and successful companies are being duped into wiring tens, sometimes hundreds of thousands of dollars to criminals posing as vendors or internal executives. Once the money is gone, it’s usually gone for good.
It’s gut-wrenching to take those calls, especially when we learn that the company had internal protocols in place… but didn’t follow them.
The Anatomy of the Scam
Here’s what happens: a convincing email arrives. It looks like it’s from a known partner or someone on your leadership team. It contains new wire instructions or an urgent payment request. Someone in finance, doing their job and trying to be efficient, executes the transfer.
Days later, they find out they’ve been tricked. The email was fake. The money is unrecoverable. And the bank’s response is often some version of: “Sorry. There’s nothing we can do.”
The Insurance Gap That Most Don’t See Coming
What makes this worse is that most traditional policies offer no protection:
– General Liability doesn’t apply.
– Crime insurance often excludes this type of fraud.
– Umbrella policies won’t help if the underlying coverages exclude it.
These are expensive lessons, and we’ve seen too many businesses learn them the hard way.
What Every Business Must Do Now
If you’re wiring money as part of your operations, and almost every business is, you need two things immediately:
1. Internal Controls: At minimum, that includes multi-factor authorization for financial transactions and dual-approval processes. If one person can move large sums without a second set of eyes, you’re vulnerable. And just having procedures on paper isn’t enough—you need to follow them every single time.
2. Robust Cyber Insurance: Specifically, a policy that includes coverage for social engineering and fraudulent instruction. Not all cyber policies are created equal, so it’s critical to get this right.
Take a time-out today.
Sit down with your team. Review your protocols. Revisit your training. Talk through your real-life risk. Do it before it’s you.
We’re Ready to Help, And We’ve Invested in the Best
At Stahlka, we don’t just sell policies, we invest in expertise. Our cyber risk specialist, Bryan Kaminski, is one of the best in the business. He holds advanced designations like CIC, CRIS, MLIS, and CCIC, and is a graduate of the Cyber COPE Insurance Certification program at Carnegie Mellon University, as well as Chubb’s National Cyber Training. He works directly with our team and clients to build strong, forward-looking solutions.
Don’t Wait Until It’s Too Late
If you’re unsure whether your coverage protects you, or whether your internal controls would stand up under pressure, reach out to your Stahlka representative today. We’ll help you assess where you’re vulnerable and give you the tools to prevent the unthinkable.
Let’s stay ahead of this together.
— Mark Stahlka
CEO, Stahlka Agency
“These bad actors are incredibly sophisticated. They study your organization, your vendors, your tone, your timing, and then strike with precision. They only need you to slip once. That’s why strong protocols and the right coverage aren’t optional anymore, they’re essential.”
— Bryan Kaminski, CIC, CRIS, MLIS, CCIC
Cyber Risk Specialist, Stahlka Agency