According to Lockton, commercial insurance clients who experience a cybercrime should be prepared to provide their insurance carrier with copies of communications evidencing the fraudulent instructions; Communications and other documentation establishing that the funds were not received by the proper party; Communications to and from the transferring and receiving banks, including confirmation by the banks that the funds cannot be recovered; Law enforcement reports and other documentation of the incident. (Photo: Rich H Legg/Free Use Image/ALM archives) According to Lockton, commercial insurance clients who experience a cybercrime should be prepared to provide their insurance carrier with copies of communications evidencing the fraudulent instructions; Communications and other documentation establishing that the funds were not received by the proper party; Communications to and from the transferring and receiving banks, including confirmation by the banks that the funds cannot be recovered; Law enforcement reports and other documentation of the incident. (Photo: Rich H Legg/Free Use Image/ALM archives)

Business email fraud is among the fastest-growing and most potentially damaging of cybercrimes, according to the FBI. That agency note that in 2021, its Internet Crime Complaint Center received reports of business email crime scams with losses exceeding $2.4 billion.

It follows that a new Lockton publication titled "Fraudulent Instruction Loss: How Crime and Cyber Insurance Policies Intersect" suggests that commercial insurance clients need detailed advisement regarding the relief and limitations of specific insurance policies should they become victimized by an internet-driven fraud.

"It is important that policyholders carefully review their policies and understand what is and is not a covered loss under a specific policy," write authors Paul Lynch, a vice president at Lockton, and Jessica Klein, one of the firm's senior analysts. "In some instances, the coverages… may be combined into a single insuring agreement."

The article explains that traditional crime insurance is designed to reimburse the insured in the result of a loss resulting from a criminal act (such as robbery or forgery) perpetuated by an employee or third party. This insurance typically includes coverage for:

  • Fraudulent instruction emails, which are sometimes called social engineering frauds or corporate deception frauds): Covers loss of money and securities caused by a bad actor tricking a policyholder's employee into sending money or securities by pretending to be a customer, client, vendor or another employee authorized to direct funds.
  • Computer fraud/computer hacking: Covers loss caused by a bad actor gaining access to a policyholder's network, or its bank's network, and redirecting funds, securities or property elsewhere.
  • Funds transfer fraud: Covers loss caused by a bad actor tricking a policyholder's bank or financial institution into transferring money or securities to the perpetrator by pretending to be the policyholder.
  • Employee theft: Covers loss of money, securities or property sustained by a company due to employee theft or forgery. The policy language can be broad enough to cover employee theft that is carried out via social engineering and fraudulent instruction methods. Employee theft coverage limits frequently exceed social engineering limits.

While some cyber insurance policies cover such crimes, "a number of carriers… will not provide cybercrime coverage at all," Lynch and Klein write. What's more, "cybercrime insurers typically do not offer cybercrime coverage to large organizations."

Those that do, however, may also provide "invoice manipulation coverage" for a crime perpetuated with the use of an insured's computer network or assets.

To fill any coverage gaps, "organizations should consider — if they have not already done so — purchasing the coverages described above in their crime policies as well as excess coverage that follows the cybercrime coverage. Because crime policy limits are sometimes higher than cyber policy e-crime coverages, a crime policy can be the single largest source of recovery for a fraudulent instruction incident," according to the Lockton article.

Should an insured be the victim of a cybercrime, most insurance carriers want to know an incident response team is in place to quickly research the incident and respond to security weaknesses.

"If a network compromise is suspected, it is critical that breach and forensic response services be engaged by or with the consent of the cyber carrier immediately," the Lockton article states. "This allows a root cause analysis to be performed and the threat to be eliminated."

NOT FOR REPRINT

© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.