CRIME AND CYBER COVERAGE

MAKING SURE YOUR COMPANY IS COVERED

As cyber insurance becomes the norm for many companies, there is growing confusion concerning the differences between crime and cyber coverages.

IN SHORT: Crime policies cover the direct loss of your funds, whether through maleficence, employee dishonesty or social engineering whereas cyber policies cover economic damages arising through a failure of network security or privacy controls which may cause indirect losses.

Even as cyber criminals and their tactics become more complex, the majority of cyber and cyber-crime attacks are executed via social engineering.

Employees remain the greatest area of concern, whether via willful acts or negligence.

Significant risk arises specifically from employees who are the target of social engineering scams.

CLAIM EXAMPLE CRIME:
An unknown party impersonated the insured’s bank, contacted the insured’s funds transfer administrator, and convinced them to activate a computer link back to the fraudulent bank. This then allowed the impersonator to contact the insured’s real bank, pretend to be the insured, and have wire transfers issued that ultimately ended up with a Russian bank resulting in loss of $30,000.

CLAIM EXAMPLE CYBER:
Several employees of a hospitality company discovered when filing taxes that their taxes had already been filed. The company engaged a “breach coach” and a forensic expert for technical analysis. The investigation determined an HR executive inadvertently downloaded malware that extricated W2 information impacting over 10,000 past and present employees. The company provided written notification to all effected parties and provided two years of complimentary credit monitoring, and engaged a PR firm to assist with talking points and management of social media.