Introduction
Most people have heard of cyber insurance. News of cyber breaches grace the headlines almost weekly these days. But are you really covered for all types of thefts committed using the latest technology? The answer is probably not, especially if you aren’t purchasing crime insurance. Let’s take a look at what you’re covered for under a cyber and crime policy.
Cyber Insurance and the Theft of Data
Cyber gets plenty of shine as one of the hottest insurance products on the market. Cybercrime events lead the headlines frequently. Many states are enacting special response regulatory guidelines. Due to this activity, insurance carriers responded by creating one of the broadest products on the market. While every insurance policy is different, what does it actually cover? A comprehensive cyber program should cover your directs costs and liability to a 3rd party after a cyber event. Some of these direct costs can include:
- Event management costs which include costs for forensics services, notification expenses. Includes call center costs, legal services, identity monitoring and engaging a PR firm as well.
- Costs to recover and restore lost data corrupted or destroyed after a computer attack.
- Cyber extortion costs including the expenses for consultants and the demand
- Business Interruption reimbursement for loss of income and extra expenses to get up and back running after a cyber event that causes your system to fail or the failure of computer system maintained by a vendor.
Despite the broad language in cyber policies, gaps in coverage still exist. Next we’ll take a look at crime insurance.
Crime Insurance and the Theft of Money
With cyber getting all the shine, many overlook the need for crime insurance. Crime insurance has evolved to cover much more than employee theft as bad actors have become more sophisticated. Crime insurance is fundamentally designed to cover the theft of money. It covers the more traditional methods of theft including robbery, burglary, and forgery. But honestly, criminals are now committing these crimes from the comfort of their own home. Traditional crime insurance continues to expand to cover new types of theft as technology rapidly changes. Policies now cover fraudulent instructions sent electronically or physically (telephone, fax, etc.) instructing banks to transfer your company funds to another account.
Crime Insurance, Social Engineering and Using Stolen Information to Steal Money
Nowadays, bad actors are passing the bank and giving fraudulent transfer instructions directly to employees. Most people believe their employees would never fall for such a scam. These schemes are more common than you would think and often very successful! Essentially, criminals are using a virus, phishing or other traditional hacking methods to steal information. The stolen information will allow them to pretend to be an authorized employee to instruct others to make transfers.
This scheme has many names including social engineering, cyber crime, computer crime, spear phishing etc. Basically, social engineering is the place where cyber and crime meet. While coverage for cyber crime is available under both crime and cyber policies by request, most underwriters agree that social engineering is just a new method for theft of money. Crime insurance policies specifically cover only the theft of money. Some examples of the type of scams potentially covered under the social engineering coverage are:
- Bad actor hacks into the CEO’s email and sends an urgent message to the approved person to make transfers requesting funds transferred to an account for a top secret deal.
- Cybercriminal collects publicly available information to impersonate an executive and instructs an individual to make a transfer of funds.
- Employee inserts an infected storage device into a local network that allows the criminal enough access to information to enable the transfer of funds.
- Employee responds to a seemingly legitimate email and voluntarily provides enough sensitive information that allows someone to pose as that person to initiate a funds transfer directly or through another employee also known as phishing.
Takeaways
In this era, every company has some sort of cyber and crime exposure. Cyber and crime insurance experts agree, it’s not if it’s when. Make sure your insurance program is broad enough to cover any type of cyber attack regardless of the method or what was stolen. The best way to do that is purchase both a cyber and crime with social engineering policy.
