In Part 1 of this cyber insurance post, we shared some of the components of typical cyber insurance programs. There are additional coverages relating to the use of computers and technology that are more relevant to crime policies. Be sure to discuss the following with your insurance adviser.
If a computer is used to steal money, securities or other property, a crime policy rather than a cyber policy is likely to apply. Following are some examples.
Computer Fraud: coverage for the direct loss of money, securities, and other property resulting from a computer violation, such as a person other than an employee gaining unauthorized access to your computer system.
Fraudulent Instruction: coverage for financial loss resulting from the insured’s financial institution paying or transferring money out of the insured’s account based on fraudulent third-party instructions to do so.
Telecommunications Fraud: coverage for financial loss resulting from unauthorized third-party access and use of the insured’s telecommunications services (e.g., VoIP).
Criminal Reward: coverage to pay a reward for information that leads to the arrest and conviction of individuals committing illegal acts related to coverage under your policy.
Deception Fraud (Social Engineering) Coverages
Deception fraud coverage applies to the loss of money—and sometimes also securities or other property—resulting from a person purporting to be an employee, vendor or client tricking an authorized employee into transferring such money to a bogus account. This is not a standard crime insurance policy coverage and must be added by endorsement. Some of the terms contained within these coverages include the following.
Social Engineering: the psychological manipulation of people to trick them into performing actions or divulging confidential information that may set up a fraud scheme.
Pretexting: a social engineering technique in which a fictional situation is created to obtain personal and sensitive information from an unsuspecting individual. It usually involves researching a target and making use of his or her data for impersonation or manipulation.
Spear Phishing: the fraudulent practice of sending emails ostensibly from a known or trusted source to induce targeted individuals to reveal confidential information.
Phishing: the fraudulent practice of sending emails purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords and credit card numbers.
A Changing Cyber Landscape
One thing is certain about cybercrime: it is evolving continually. Risk managers should make sure their insurance program keeps pace. Hylant has a dedicated cyber practice whose members specialize in this area of risk and how to manage it. Contact your local Hylant office if you would like to speak to someone about your program.
The above information does not constitute advice. Always contact your insurance broker or trusted adviser for insurance-related questions.