It wasn’t long ago that once we deposited money received for goods and services into our bank account, we were able to sleep comfortably knowing that our money was safe. After all, vaults and the security surrounding them were so secure that breaking into was left to the imagination of Hollywood producers. But with the dawn of the technology age has also come the era of cyber heists with unknown and unseen actors hacking into computers and fooling people into parting with their hard earned cash.
There a number of ways that a business can insure for these risks. But, as is common in the world of insurance, coverage is dependent on a number of factors including how the crime was perpetrated.
Adding to the confusion is the term “cyber” which leads to misunderstanding that all crime committed with a computer is covered in the same way. It is not.
Crime policies have been available in the market for years. Most insureds are more familiar with the term Employee Dishonesty and ERISA bond which are only part of what can be covered by a Crime policy. I want to address two additional insuring agreements that are available on Crime policy and the new Social Engineering Fraud agreement that is available from some carriers.
The first of these is Computer Fraud. This part of the crime policy is intended to coverage a loss when the instruction received by the financial institution to transfer money from one account into another or to a location outside of the premises, is fraudulent. Typically the customer would have no knowledge that money has been transferred from their account until they review their account or statement.
The next is Electronic Funds Transfer. As is the case with the Computer fraud , this agreement requires that an electronic , telegraphic, cable, teletype or telephone instruction be fraudulently sent to the financial institution directing the transfer of money from the account.
The important part of both of these definitions, for purposes of this article is the instruction is fraudulent.
That is different from Social Engineering Fraud. In this scheme, the account holder (financial institution customer) is tricked into believing that the transaction that they, the customer, are sending to the financial institution to transfer money is legitimate. In other words, the instruction being sent to the financial institution is correct. This type of fraud is increasingly common. Bad actors are drafting emails to trick people into believing that they are being instructed to transfer money from their account usually by someone in authority at their company.
In considering this insurance it is important to understand how these terms are defined in the policy rather than assume that all things computer related and cyber mean the same in every instance.