With cyber attacks it is not a matter of if, but when you or your company will be targeted. In the event a cyber attack is successful, you could lose everything. The worst part is your insurance may not cover the attack, especially with cases involving wire transfer fraud and business email compromise. Insurance companies are becoming notorious for fighting against paying in these cases, so it is imperative you take the steps necessary to ensure you are insured.
Proper Insurance Coverage Features
The first step is to make sure your insurance plan has the correct features necessary to potentially get coverage for BEC losses. The majority of business insurance plans will all have the same general basic coverage features such as Business Owner’s Policy, Commercial Auto, General Liability, Property, and Workers Compensation. None of these features cover business crime.
You need to make sure your business has a policy that covers Business Crime, Forgery, and Computer Fraud. These are labeled differently by the various insurance companies, so you will have to read the fine print to identify which coverage features encompass computer crime. These features are often not included in standard insurance plans, so you have to make sure to go through all the optional features as well and add the one(s) that encompass cyber attacks.
Business and Computer Crime Insurance Policies
Standard business and computer crime policies will protect businesses from events such as robbery, employee theft, embezzlement, forgery, computer fraud, and funds transfer fraud. You would think wire transfer fraud through business email compromise would easily fall within one of these policies, right? Wrong.
There is a growing list of cases dating back to around 2010 of insurance companies fighting claims involving wire transfer fraud through BEC. A perfect example originates in none other than Houston, Texas back in January, 2016. AFGlobal Corporation lost approximately $480,000 to a standard BEC scam, but was denied coverage. The scam involved a combination of a fake executive email and fake lawyer instructing an employee to wire money to a Chinese bank account linked to a prospective Chinese acquisition. Still confused as to why AFGlobal’s insurer, Chubb, refused to cover the loss?
As outlined by Orrick, AFGlobal sought reimbursement for the loss of its own funds under its forgery coverage, computer fraud coverage, and funds transfer fraud coverage. Chubb argued the forgery coverage was not triggered because there was no forgery of a financial document. They also claimed the computer fraud coverage was inapplicable because no computers were hacked, as the fake emails were sent from a lookalike email account rather than the actual executive account. Finally, Chubb claimed the funds transfer fraud coverage was not implicated as AFGlobal itself transferred the money rather than a scammer claiming to be AFGlobal.
The insurer claimed that the forgery coverage was not triggered because there was no forgery of a financial instrument as required by the provision. The insurer also argued that the computer fraud coverage was not implicated because the loss was not caused by hacking into a computer. Finally the insurer contended that the funds transfer fraud coverage was inapplicable because the wire transfer instructions were issued to the bank by AFGlobal itself rather than by a fraudster claiming to be AFGlobal.
Unfortunately, most insurance disputes regarding BEC cases have ended with the insurance companies winning, leaving the scammed companies out of millions at times. Even in other cases where a company computer or profile was hacked, they’ve still lost their cases if the money lost was their clients. This is most common with banks that have been scammed. The insurance companies involved have argued their policies only cover the company’s own money, not money they were managing for others.
In more recent cases, judges have begun to side with the scammed companies over the insurance companies. While this bodes well for future rulings, you should also discuss your policy with your insurance representative. Get some form of presentable verification that their policy will cover you in the event of a loss due from BEC and wire transfer fraud. If they are unwilling to cooperate, it might be time to look for a new insurance provider.
In the event your business does suffer from a scam, you need to properly document all loses to for your insurance claim, to have the best chance at success. If you have been the victim of an email compromise scam, call McCann Investigations at (800) 713-7670. We will provide a free consultation and outline the steps you and your response team need to take to gather and maintain the evidence you need to pursue litigation or an insurance claim. We can also explain the critical use of an licensed investigator to perform the forensic investigation and provide an objective opinion on the origination and scope of the compromise scam.
Contact Dorothy Filippov, Certified Fraud Examiner, at McCann Cyber: (346) 400-6554.