A recent heist robbed two Egyptian banks of $45 million,involved a yet-unknown number of actors in 27 cities around theworld, contained 40,500 fraudulent ATM transactions, and left nofingerprints.

Two Dutch citizens were caught by German authorities last weekfor their alleged involvement in an elaborate cyber-scheme thattapped the United Arab Emirate's National Bank of Ras Al KhaimahPSC (RAKBANK) for nearly five million dollars and Oman's Bank ofMuscat for $40 million.

“I don't know why these banks were targeted in particular, butthe methodology behind these kinds of attacks is to canvasshundreds or thousands of institutions and find the ones with themost accessible vulnerabilities,” says Brian Kenyon, vice presidentand chief technology officer of Security Connected atsoftware-safety company McAfee.

While the banks state that their customers won't suffer afinancial loss as a result of the crime, experts say liabilityfor the theft could fall on the processors of the debit cards usedto perpetrate the crime, and make it difficult for otherfinancial institutions to get cyber coverage.

“From what I've researched and read, the algorithms used by theprocessing companies on these prepaid cards were simplistic andeasy to get,” says Jim Fidler, vice president of Mobile Technologyfor mobile-device security company Parabal. “With basic software and a couple pieces ofinexpensive hardware, you can duplicate cards and alter theirmagnetic data strips.”

To perpetrate the scheme, hackers tampered with prepaid anddebit MasterCards processed by two companies with locations inIndia, which Reuters identified as EnStage Inc. and ElectraCard Services.They manipulated the card's codes to increase their availablebalances and eliminate withdrawal limits, and then passed theinfected codes to thousands of “cashers” who used them to suckfunds from ATM machines.

The attacks were carried out in December and in February, witheach long chain of thefts lasting less than 24 hours each. Themembers most likely communicated via aliases on message boards thatare locked-out to the public, says Kenyon.

Earlier this year, eight men were accused by the U.S. JusticeDepartment of being members of one of the crime scheme's cells.Another alleged member of that cell was found dead in the DominicanRepublic in April.

The plan's ultimate ringleaders are still at large.

Verizon reports that cyber attacks against financialinstitutions represent 37 percent of all breaches, manifesting asstolen debit-card information, personal bank account informationand even customer's names, addresses and social securitynumbers.

According to the company's 2013 Data Breach InvestigationsReport, 61 percent of breaches involve planting skimming devices onATMs to steal magnetic stripe data from payment cards; 16 percentinvolve using stolen usernames and passwords to gain unauthorizedaccess to web accounts; and 15 percent of breaches were carried outby employees abusing access to intranet systems to sell fraudstersprivate information.

As a result, more companies than ever are opting for cyberliability insurance – Marshreports that it saw a 33 percent increase in clients choosing thecoverage in 2012 than in 2011.

However, according to Kevin P. Kalinich, Cyber Insurance globalpractice leader at Aon Risk Solutions, the terms of that coveragebecome fuzzier each time the industry suffers a significant loss.He says that cyber breaches can even extend into Property coverageif business is interrupted as a result of a website shut-down.

“If this was any other industry, like retail, healthcare orhospitality, it would be easier to answer how this event can impactthe availability for cyber coverage in the future; from a financialinstitution standpoint, it can affect crime, professionalliability, general liability and also cyber,” he says.

He adds, “Underwriters didn't anticipate what kind of a world wewould have in 2013 when they wrote traditional property and generalliability policies. They're now scrutinizing policies to excludeperils like hacks…and will tighten up and add exclusions forintangible perils.”

Kalinich concludes, “What companies need to do is take a stepback, and instead of only worrying about what kind of insurance wewill need, get our IT people together with our legal, financial andproduct people to discuss the technical defenses for cyber breach,the liability of a breach, the impact of a breach and how to safelyoffer new services.”