Spoofing Losses Not Covered – Captives Are Better For Cyber Insurance
BUSINESS INSURANCE recently reported that Traveler’s Insurance was not required to pay for losses due to Spoofing (a form of cyber-attack). According to a lower court and a federal appeals court, Traveler’s computer fraud policy had an exclusion that saved the insurer from paying over $700,000 for a cyber loss by a Seattle based seafood company.
As we regularly contend in Captivating Thinking, the issue here is not whether or not the courts were correct in denying the insureds cyber claim. Instead, the issue is why commercial insurance is often a poor choice for cyber risk, and a captive insurance approach can provide a far more robust solution. Commercial cyber / computer fraud policies are layered with exclusions, rendering them worthless in many cases.
What is Spoofing? In writing about the cyber loss, BUSINESS INSURANCE described Spoofing:
[The Insured’s] computer system was hacked in the summer of 2013, according to court papers. The hacker apparently monitored email exchanges between an [insured’s] employee and a [vendor’s] employee before beginning to intercept the email exchanges and sending fraudulent emails using spoofed email domains that appeared similar to the employees’ actual email, for instance by substituting the number 1 for the lower-case i.
The hacker directed the [insured’s] employee in these emails to change the bank account information for [the vendor] for future wire transfers, and the [insured’s] employee complied, resulting in the company being defrauded of $713,890.
To read the article in BUSINESS INSURANCE – CLICK HERE.
Cyber risk is rapidly evolving, and businesses must be vigilant about protecting their systems, data and employees. This emerging threat also requires meaningful employee training. Consider the list of emerging and evolving threats below:
- Data theft
- Data loss
- And the list goes on…
Is this a good time to have insurance that is riddled with policy exclusions?
In addition to vigilance and employee training, small and mid-market businesses need cyber insurance that really works for them and is there when they need it. The customizable nature of captive insurance and ability to reduce or severely limit exclusions makes it a superior approach for many companies.