Cyber Insurance and Social Engineering Fraud, Why Voluntary Transfers May Not Be Covered By Your Insurance Policies
In the last few years, many companies have purchased cyber liability insurance to help cover their risk of computer fraud or attack. However, not all cyber insurance policies are created equal and these policies may have significant coverage gaps if they are not properly negotiated.
One of the more common and costly coverage gaps is the lack of coverage for “voluntary transfers.” There are many variations on this scam but essentially, the CFO receives what appears to be a real email from a client or vendor asking the CFO to wire money to an account. The email often looks completely real and, in fact, is often the result of a hacker breaking into the client or vendor’s system, allowing the hacker to send messages from the client or vendor’s actual email address.
Only after wiring the money (often multiple transfers and increasingly larger sums) does the CFO learn that he or she has become a victim of fraud.