Most people today would agree you’re now more likely to get ripped off electronically than you are physically. Smartphones, wearable technology, and lightning-fast internet speed have made many elements of our lives easier and more efficient. But, the inventions, and often our dependence on them, have also opened the door to electronic theft — or cyber crime.
In February 2011, I was interviewed by a news station in Des Moines, KCCI, about commercial insurance claims involving computer fraud. In these claims, a computer virus would enter the network of a business, usually through email, and an employee would unknowingly release the virus when the email was opened. The virus contained a keystroke program which remembered username and password data for critical websites, like online banking. Once the username and password were obtained, the thief set up a series of Automated Clearing House (ACH) transfers below the threshold monitored by the financial institution. Multiple transfers were then scheduled for a Friday in a week where the bank was closed the following Monday due to a holiday. The ACH transfers were made, and the bank or business owner didn’t realize the money was gone until the Tuesday after the holiday. Bad day! So, who’s responsible?
Commercial insurance coverage is available for the scenario I described, but it’s not typically provided automatically. Check your policies and have the conversation proactively so you’re not the one having the bad day.
Fast forward now to 2016 and cyber crime has changed just as rapidly as technology. The previous example was computer fraud, but what about a case where money is freely given away? In the insurance world, this would be referred to as “voluntary parting.” In many cases, a loss or claim which involves the voluntary parting of property (including money) is excluded.
We’re now seeing and hearing about cases multiple times a month where a vendor, supplier, or even company executive is impersonated and an employee in the Accounting Department freely transfers funds.
Before you say “Wow, that would never happen to me!”, consider the sophistication of today’s thief. If someone can access your network system, could they see your calendar to identify when an executive is traveling or view your email to find correspondence about an acquisition or equipment purchase? Once information is obtained, a fraudulent email is often sent which looks identical to the correct email with only one or two letters transposed. Instead of using the letter “b,” an “I” and “o” are used together in the email. They look very similar if you’re reading fast. Now how confident are you about flagging the fraudulent request for money?
Like the computer fraud scenario from 2011, insurance coverage is available for cyber crime cases involving voluntary parting, but not many insurance carriers are providing the protection. It’s important to have the discussion about the policies you buy — or could buy — and make an educated decision.
In a recent discussion with a client where we talked about the new risks of cyber theft, the owner smiled and said, “Wow, maybe we should just revert back to talking on the phone or meeting face to face.” Though technology brings many advantages, maybe your team should just have an “old-fashioned” conversation about today’s cyber crime tactics and how to best avoid, reduce, or transfer the risk of it to your organization.
Because “thinking ahead” is our business, Holmes Murphy can help! Let us know if you have questions or concerns. You can comment below or contact us directly. Don’t let that “bad day” happen to you!