Is Spoofing Covered Under Crime or Cyber Insurance?

Headlines practically write themselves these days. A company was duped into sending money to some unidentified party, be it hacker collective or nation-state or individual. Spear-phishing is not a new technique in the cyber war. In fact, it’s one of the oldest criminal techniques on the internet. Seems like only yesterday that we were all being told that a wealthy Nigerian Prince had decided to give us his fortune; all that was required was our bank account and routing info.

How the criminals get in is highly dependent on the given situation and parties involved. Most of the time, it involves email. Hacking an email server is as simple as sending a link to all known employees and getting just one to click on it. End-users are the weak link in cyber security and hackers know this. After an employee clicks on the malicious link, the hacker has everything they need to exploit the email server. Typically, they will monitor the email exchanges to learn names, dates, numbers, etc. — all which can be done in a matter of minutes. Knowing that a big deal is closing next week and the names of the closing attorneys, a hacker can easily convince a low-level accountant to wire money into an unauthorized account.

Back to the title of this blog post, so if and when this happens — what insurance policy pays for it? Surely, it’s covered under Crime Insurance? You have coverage for “wire fraud,” yes? Yes, you do. And, if not, it must be covered under Cyber Insurance. You have coverage for “cyber crime,” yes? Yes, you do. The answer may surprise you: both policies can cover it and both policies can exclude it. It all comes down to what was intentionally designed from the outset by your broker and what was offered by your insurance carrier. In recent days, it’s also coming down to court decisions — which are not consistent.

On the cyber insurance side, there are equally as many conflicting claims — many still in pending litigation. The denied claims are frequently due to the insured’s failure to investigate or monitor money transfers and/or their willing participation (even unknowingly) in the transfer. Most cyber insurance underwriters view social engineering claims as better suited for coverage under crime insurance. Not surprisingly, many crime insurance underwriters think the coverage belongs on the cyber form.

As with all insurance programs, trying to find coverage in the grey or silent areas is a bad idea. Much better to understand your risks and work with a broker that can help you address those risks properly and clearly.

Related posts:

We received the intro/outro for our podcast and we are happy with it. Below are the links to the audio. Take a listen and let me know what you think. I continue to work on the podcast and make more…

Karel mengdongakan kepalanya, atensinya berpindah ke seseorang disampingnya yang membawa kotak bekal berwarna biru khasnya. Itu punya Karel “Makasih ya Kak, hehe. Kalo kamu ga ngingetin, kayaknya aku…

One article I read came from a book titled The Educator’s Guide to Emotional Intelligence and Academic Achievement: Social-Emotional Learning in the Classroom. The chapter I used in my research was…