Friedman Group
  • About Us
    • Careers
    • Privacy
  • Services
    • Business
    • Employee Benefits >
      • Share To Compare
    • Financial Services
    • Personal
    • Specialty Insurance
  • AP Blog
  • Pay Online
  • Contact
  • About Us
    • Careers
    • Privacy
  • Services
    • Business
    • Employee Benefits >
      • Share To Compare
    • Financial Services
    • Personal
    • Specialty Insurance
  • AP Blog
  • Pay Online
  • Contact

Welcome to The Friedman Blog

Do commercial crime policies cover cyber crimes?

1/8/2020

 
Commercial Crime Policies
In some instances, a commercial crime insurance policy may offer coverage for a loss due to a cyber-attack. The 11th U.S. Circuit Court of Appeals in Atlanta has ruled that an insurer must indemnify a policyholder that was scammed out of more than $1.7 million in a phishing incident under its commercial crime policy.
​
The decision is good news for companies who have not purchased cyber insurance but have commercial crime policies.

This is at least the third precedent-setting case in which a court has ruled that a commercial crime policy can cover losses "directly" resulting from computer fraud.

Crime insurance companies, when denying hacking claims that resulted in monetary losses, will often argue that hacks and phishing scams are "indirect" losses, which are not covered by their commercial crime policy because someone on the outside duped an employee into transferring funds to a third party.

In the most recent case, an employee received an email purported to be from the company's managing director, directing her to write $1.7 million to an account at a Chinese bank. The communication said she would receive instructions in an email from an attorney. When she did, she initiated the transfer.

Before the bank issued the wire, its fraud unit intervened and held the money transfer. The controller contacted the "attorney," who confirmed that the managing director had approved the transaction. Upon receiving that information, the bank released the wire.  Unfortunately, it was all a fraud, and the managing director knew nothing about it.

After the fraudulent request was discovered, the insured filed a claim under its commercial crime policy, but the claim was denied.  The insured subsequently sued the insurer, and the local court ruled in its favor. The insurer appealed, but the appeals court upheld the lower court's ruling.

In rejecting the insurer's argument that the loss did not result directly from the fraudulent instruction, the court found that the ordinary meaning of the phrase "resulting directly from" requires proximate causation between a covered event and a loss, not an immediate link. The court held that as a matter of law, there was proximate cause, and the intervening communications, including the bank's hold, were not sufficient to sever the causal chain.

This decision follows two 2018 rulings by federal appellate courts - the Second Circuit in Medidata Solutions, Inc. vs. Federal Insurance Company, and the Sixth Circuit in American Tooling Center, Inc. vs. Travelers Casualty & Surety Co. - which ruled that the insurers' policies in both cases covered losses "directly" resulting from computer fraud.

In the American Tooling case, the court wrote that the policy language did not distinguish between frauds based on how they induce a transfer.
 
What to do
  • Educate employees on how to recognize phishing scams and other suspicious emails.
  • Invest in the latest security measures.
  • Set up stricter protocols for paying large sums to new accounts.
  • Review your crime coverage and any policy relating to computer, business email compromise, or social-engineering fraud to see if you are covered.
  • If you do suffer a breach and loss, promptly notify all potentially implicated lines of insurance coverage.

Comments are closed.

    Categories

    All
    Compliance
    COVID 19
    Cyber
    Employee Benefits
    Personal Insurance
    Property Casualty
    Risk Management
    Wellness
    Workers Compensation

    Archives

    September 2022
    August 2022
    July 2022
    June 2022
    May 2022
    April 2022
    March 2022
    February 2022
    January 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018

The Friedman Group
501 Bell St.
Dubuque, IA 52001
Phone: (563) 556-0272
Home
Business Insurance
Employee Benefits
Personal Insurance
Financial Services
Contact

AssuredPartners
An AssuredPartners Agency
In February 2020, The Friedman Group joined AssuredPartners, the 11th largest insurance brokerage in the U.S. This partnership provides us access to additional capital and a national footprint that enables us to continue to negotiate the most favorable coverage terms and conditions for our clients, and allows us to provide an even broader spectrum of risk management support services. ​
© 2022 The Friedman Group, Inc.  Privacy Policy.