Cyber/Crime/Social Engineering Fraud. . . We are all at risk, but what does it all mean?
While Cyber and Crime coverage are separate, they can be written together with one carrier. These carriers also provide risk management services, web-based training for executives, managers and human resource personnel, model employee handbooks, and weekly articles on current issues.
To help simplify the key areas of concern, outlined below are very basic definitions to help you understand the exposures that can adversely impact the assets of your organization. The exposures highlighted below do not address employee-related acts of dishonesty.
Network and Information security wrongful act: The failure to prevent unauthorized access to or use of electronic or non-electronic data containing identity information. Failure to provide notification of any potential unauthorized access to or use of data containing private or confidential information of others if such notification is required by any Security Breach Notification law. Failure to prevent the transmission of a computer virus to a computer network not owned, leased or under the control of your organization.
Cyber and privacy policies cover a business’ liability for a data breach in which the firm’s customers’ personal information, such as Social Security or credit card numbers, health and medical information, is exposed or stolen by a hacker or other criminal who has gained access to the firm’s electronic network. The policies cover a variety of expenses associated with data breaches, including: notification costs, credit monitoring, costs to defend claims by state regulators, fines and penalties, and loss resulting from identity theft.
Costs to consider: Cost to determine scope of the breach, costs paid as compensation to the individual(s) or entity as a result of the breach, fees, and expenses to comply with law or any regulation, taxes, fines, penalties, expense to replace, upgrade or maintain a computer system.
Computer fraud means an intentional and unauthorized/fraudulent entry of data or computer instructions by someone other than an employee or individual under the direct supervision of the insured, and changes made via the internet that cause money or other property to be transferred, paid or delivered. An unauthorized or fictitious amount to be debited or credited. Direct loss of money, securities or other property caused by computer fraud.
An intentional, unauthorized and fraudulent instruction transmitted by electronic means, voice, electronic mail, electronic text, to a financial institution directing such institution to debit an account and to transfer, pay or deliver money from such account and was submitted by someone other than an employee without the insured’s knowledge or consent.
EMPLOYEE: Any natural person whose labor or service is engaged by and directed by the insured organization, including full-time, part-time, seasonal or temporary workers, volunteers, students, interns or employees leased to the insured organization.
Social Engineering Fraud/Funds Transfer
When an employee is intentionally misled into sending money or diverting a payment based on fraudulent information that is provided to them in a written or verbal communication such as an email, fax, letter or even a phone call.
How does this happen? This surprisingly successful fraud happens every day to unsuspecting employees when they receive a message that appears to be from a legitimate vendor, client or supplier and that contains a variety of requests and information. In many cases, the fraudster has infiltrated an email conversation and has been able to obtain the client's, vendor's or supplier's signature section to make it appear even more legitimate. Some even amend phone numbers in the email panel, so a call back to a phone number would be directed to the fraudster, who would of course verify the information.
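As an added illustration (not part of the original article and not any carrier's tool), the Python example below shows a control against the amended-phone-number trick described above: contact details in a payment request are compared with a vendor record kept on file, and the callback number is always taken from that record. The vendor record, function names, messages and phone numbers are all constructed for the example.

```python
import re

# Constructed vendor master file: contact details captured at onboarding,
# never updated from an incoming email. All names and numbers are made up.
VENDOR_MASTER = {
    "acme-supply": {"domain": "acme-supply.example", "phones": {"+12125550142"}},
}

# US-style phone numbers; the lookarounds skip longer digit runs (account numbers).
PHONE_RE = re.compile(r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")

def normalize(number):
    """Reduce a phone number to +1XXXXXXXXXX so formatting differences don't matter."""
    digits = re.sub(r"\D", "", number)
    return "+" + (digits if len(digits) == 11 else "1" + digits)

def review_payment_request(vendor_id, sender, body):
    """Flag contact details in a payment request that differ from the record on file."""
    record = VENDOR_MASTER[vendor_id]
    findings = []
    domain = sender.rsplit("@", 1)[-1].lower()
    if domain != record["domain"]:
        findings.append(f"sender domain {domain} is not on file")
    for raw in PHONE_RE.findall(body):
        if normalize(raw) not in record["phones"]:
            findings.append(f"phone {normalize(raw)} in message is not on file")
    # The callback number always comes from the record, never from the message.
    return {"findings": findings, "call_back_on": sorted(record["phones"])}

# Constructed messages. The second comes from the vendor's real (hijacked) mailbox,
# so the domain check passes and only the amended signature number gives it away.
GENUINE = "Invoice 4471 attached.\n--\nPat Lee, Acme Supply\n(212) 555-0142"
HIJACKED = ("Our bank details changed, please wire to account 000123456789.\n"
            "--\nPat Lee, Acme Supply\n212.555.0199")

if __name__ == "__main__":
    for body in (GENUINE, HIJACKED):
        print(review_payment_request("acme-supply", "pat@acme-supply.example", body))
```

A clean result does not replace the callback: a request to change payment details should still be confirmed by phone on the number returned in `call_back_on`.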
Examples of Chubb claims are attached. Chubb and Travelers are both quoting this coverage as an additional endorsement under the crime policy. Please complete the application so we may test the market and provide you with a quote.
Let’s discuss the coverage in more detail once we receive your completed applications and quotes from the carriers.
Roseanne Gedman, CPCU, CRM, CIC
Schechner Lifson Corporation