In recent years, hackers and cyber-thieves have been developing new techniques to infiltrate insureds’ bank accounts. Early phishing scams were fairly easy to spot: a request from a Nigerian prince or a link purported to take you to your bank’s customer service center were tell-tale signs of suspicious email traffic. It was recommended to never click on the link and delete the email immediately. In response to the masses becoming more aware of these red flags, thieves have countered with more sophisticated attacks, such as CEO Fraud, also known as Social Engineering Fraud. Social engineering is defined as “psychological manipulation of people into performing actions or divulging confidential information.” 1
Here are some examples of what CEO Fraud or Social Engineering Fraud might look like:
An email, purportedly from the CEO, is sent to the firm’s accounting department authorizing an urgent payment to a new vendor with a bogus bank account number. Not wanting to disappoint the CEO, the amount is transferred only to find out the CEO never requested any new vendor payments. Hackers might follow a CEO or CFO’s social media posts to see when they are traveling to make verbal confirmation more difficult for the target.
After months of monitoring transactions from accounts payable to a foreign vendor, hackers create a fake email address that is similar to that of the foreign vendor. They then use the fake email address to inform an accounts payable representative that the bank account number has changed and to please send payment to the new account number. Often, the company will only be aware of these fraudulent payments when the real vendor follows up for payment. By then the money is unrecoverable.
CEO Fraud is now a $5.3 billion dollar business, up from $2.3 billion in 2016 according to the FBI. Twenty five percent of U.S. victims respond by wiring money to fraudulent accounts. In an effort to recoup these losses, insureds are looking to their crime policies for reimbursement for their losses. Specifically, they are looking to the Funds Transfer Fraud (“The company shall pay the parent organization for direct loss of money sustained by an insured resulting from funds transfer fraud committed by a third party”) and Computer Fraud (“The company shall pay the parent organization for direct loss of money sustained by an insured resulting from computer fraud committed by a third party”) insuring agreements.
Unfortunately, under the CEO Fraud scenario, funds are transferred willingly, with the insured’s knowledge; therefore, claims are declined under the Funds Transfer Fraud insuring agreement. Similarly, under the Computer Fraud insuring agreement, the carrier can argue that coverage has not been triggered as the fraudulent payment instructions came into the company via email, and email by its nature is an authorized entry. Another method used is the Voluntary Parting Exclusion, which excludes coverage when an insured willfully parts with title to, or possession of, any property.
Cyber carriers are beginning to offer policy enhancement endorsements that affirm sublimited coverage for CEO Fraud or Social Engineering Fraud. The wording to look for which confirms coverage may look similar to this:
“The Insurer will pay the Insured Entity for Social Engineering Fraud Loss resulting directly from a Social Engineering Fraud Event, in excess of the applicable retention and within the applicable Limits of Insurance.
It is a condition precedent to coverage under the Social Engineering Fraud Coverage that the Insured attempted to Authenticate the Fraudulent Instruction prior to transferring any Money or Securities.”
How we do we address this increasing risk as an industry? Traction is gaining and more carriers are beginning to extend coverage by endorsement, albeit under sublimits, in both Crime and Cyber lines. Even these small improvements show signs of progress in the industry. By discussing this issue with insureds, retail agents and brokers can provide added value by urging them to educate their employees and set protocols for verifying large or frequent transfers.
This article was co-authored by Brandyn Surprenant and Mikkel Vogele of AmWINS Brokerage in Chicago, Illinois.
Legal Disclaimer. Views expressed here do not constitute legal advice. The information contained herein is for general guidance of matter only and not for the purpose of providing legal advice. Discussion of insurance policy language is descriptive only. Every policy has different policy language. Coverage afforded under any insurance policy issued is subject to individual policy terms and conditions. Please refer to your policy for the actual language.
(c) 2017 AmWINS Group, Inc.
As the healthcare industry remains on the front lines of battling the COVID-19 pandemic, staying abreast of the changing landscape and how the insurance market is adapting is critical to ensure new exposures are covered and renewals are successfully placed. In this article, our specialists share what they are seeing in the Healthcare and Senior Care markets, tips for risk control and mitigation, and how to get the best results for insureds.
The disruption to business and everyday life caused by the coronavirus (COVID-19) pandemic is resulting in an economic impact for insureds. Much of this disruption is likely not covered by insurance. We have consulted with several AmWINS insurance specialists across the Property, Casualty and Professional Lines sectors and offer a COVID-19 update.
Over the last few years, the legal cannabis industry has seen rapid growth and had a significant impact on the U.S. economy. With states continuing to legalize its use, insurance needs for cannabis-related businesses are becoming a popular topic of discussion. This article examines the evolving cannabis industry by exploring five key issues impacting coverage.
Construction contract negotiations, which determine the kind and amount of insurance required for a construction project, can be time-consuming, complicated and frustrating. Project owners require contractors on a project to name the project owner as an additional insured on the contractor’s casualty insurance program. It's important that both project owners and contractors understand the coverage provided by these additional insured endorsements. This article discusses four common ISO additional insured endorsements related to commercial general liability policies purchased by contractors, including their limitations, conditions and exclusions.
Parametric insurance is an innovative product that functions differently than traditional insurance by covering the impacts of an event and not just losses sustained to an asset. Proceeds of the policy are paid quickly and can be used flexibly to cover any expense associated with the triggering event. Coverages can be designed to capture the impacts of natural perils and other forms of non-damage business interruptions such as future epidemics. Learn how the parametric landscape has and will continue to play a major role in improving coverage and the recovery experience.
The theories of recovery, as well as the ensuing loss provisions, contained in property insurance policies are often complex and, at times, seemingly in conflict. Although a policy may not directly address these theories, their application by courts plays a significant role in the coverage determination process after the claim. It is essential that brokers understand the primary theories of recovery – Efficient Proximate Cause, the Concurrent Causation Doctrine, and the Anti-Concurrent Causation Doctrine – in order to navigate the challenging post-claim process and effectively serve their clients.