Your company’s crime insurance policy does little good in helping you recover from one of the biggest crime problems today.
The Ninth Circuit Court of Appeals recently said as much in a case pitting an accounting firm against its insurance company.
The accountants had received two emails from someone purporting to be a client asking for wire transfers of nearly $200,000 to overseas accounts. The firm fell for it and, per the “client’s” request, directed the bank to transfer the money.
The firm filed its lawsuit after the insurer denied its claim. The Ninth Circuit, however, sided with the insurer.
While the crime insurance policy in question covered losses “resulting from forgery or alteration of a financial instrument by a third party,” the wire transfer e-mails were not financial instruments, the court held.
Moreover, while fraudulent, the e-mails did not trigger the policy’s computer fraud or funds transfer fraud coverages.
The court noted that the accounting firm’s computer fraud coverage required it to demonstrate an unauthorized “entry into” its computer system and “introduction of instructions” that “propagate[d] themselves” through its computer system.
But the court held that the sending of an email, without more, did not constitute an unauthorized entry into the firm’s computer system.
The crime insurance policy would have covered the introduction of malicious computer code. But the instructions to transfer the money were simply part of several emails, nothing more, the court held.
All of this, of course, is a huge problem, especially given that the type of fraud involved here – known as social engineering fraud – is one of the fastest growing.
Worldwide losses from this sort of criminal conduct came to at least $1.2 billion last year.
According to FBI estimates, the average loss can range from $25,000 to $75,000. But some instances have cost companies millions of dollars. Toy maker Mattel, for example, lost $3 million in 2015 thanks to a CEO fraud phishing scam.
The four main ways in which social engineering fraud occurs are by:
Companies can take a number of steps to protect themselves, including developing a guide for the handling of sensitive information, training staff on how to recognize the different types of fraud, and making sure that any financial transaction requires more than two authorized signatures before being accepted by your bank.
Finally, there also is a new social engineering fraud endorsement, or add-on, to your crime policy to consider. More carriers are making this coverage available nowadays, covering vendor or supplier impersonations as well as executive and client impersonations.
Like anything else, though, you get what you pay for, so be careful out there.
Andrew Mahoney is a CCIG Insurance Advisor. Reach him at AndrewM@thinkccig.com or 720-330-7925.
An extra word of caution: Whether they’re considering a general liability policy or more specialized coverage, business owners should regularly review their insurance program with their insurance professionals to see whether they have appropriate coverage.