It has come to our attention that some businesses lack sufficiently comprehensive cybercrime insurance coverage, leaving them unnecessarily exposed to cybercrime losses for which they assume they are insured.
What is Cybercrime?
Cybercrime is a serious and increasing threat for individuals and businesses large and small. Cybercrime is any illegal activity that uses a computer, network, or networked device to fraudulently obtain funds from a victim, the victim’s bank, or funds intended for the victim. A common example is the compromise or interception of business email or a business computer, which lacks adequate authentication measures, by which criminals gain access to a legitimate business or personal computer or email account and then use the information gained to send fictitious messages that appear to come from a known, legitimate source. For example, the hacker may direct funds transfers from the victim’s bank to their own account or manipulate invoices or messages to direct vendors or banks to pay funds into the hacker’s account instead of the victim’s account.
Does My Cyber Insurance Protect Me?
To combat the threat of cybercrime, businesses purchase “cyber insurance” policies, which we highly recommend. However, cybercrime policies do not necessarily provide comprehensive coverage and are not always easily understood, even by insurance brokers. Popular cyber insurance policies offer various endorsements to cover different types of cybercrime. One is a “funds transfer fraud” endorsement, but this usually only covers situations where the hacker directs someone in the business or its financial institution to transfer funds from an account in the insured’s name. This is necessary, but insufficient as it generally does not cover the situation where the hacker changes instructions to an insured’s vendor and instructs the vendor to pay the invoice by wiring money to the hacker’s bank account instead of the insured’s. To protect against this type of cybercrime, insurers commonly offer – and businesses need to purchase – a different endorsement for “invoice manipulation.” This endorsement differs from the “funds transfer fraud” endorsement, because it generally covers “the release or distribution of any fraudulent invoice or payment instruction to a third party as a direct result of a [cyber]security failure.”
Sufficient Coverage
Businesses also need to purchase sufficient overall coverage limits and limits for each endorsement. For example, the limit for “funds transfer fraud” and “invoice manipulation” endorsements should be large enough to cover the largest invoices or series of invoices that the insured is likely to issue. If not, you risk losing the balance of that invoice payment to a hacker. Additionally, you and your broker should check the riders closely, as some cyber insurance policies contain riders that significantly reduce coverage for certain situations, for example, in the event of a ransomware attack.
What Should I Do?
We recommend you review your cyber insurance policy with your broker, ask questions, and confirm that you have coverage for funds transfer fraud and invoice manipulation – as well as any other likely cyber threats, and that your policy and endorsement limits are large enough to adequately cover how your business actually functions. Usually, these policies and endorsements are not excessively expensive and offer critical insurance against unfortunately increasingly common cyber threats.
For further assistance please contact your primary Golenbock attorney or the attorneys listed below:
Michael S. Devorkin, Partner, Litigation
(212) 907-7348
Email: mdevorkin@golenbock.com
Kelsey J. Davis, Associate, Litigation
(212) 907-7309
Email: kdavis@golenbock.com
Golenbock Eiseman Assor Bell & Peskoe LLP
Golenbock is a Manhattan-based business law firm with a broad-based practice that offers corporate, complex litigation, labor & employment, real estate, reorganization, intellectual property, tax, and trust & estate expertise. The firm provides high value, sophisticated counsel and representation for its domestic and international clients while maintaining a hands-on, personalized approach to all matters.
Golenbock represents private equity and venture funds, individual entrepreneurs and investors, and companies in a wide variety of businesses ranging from start-ups to Fortune 500 companies, with a specific focus on the mid-market segment. The firm and its attorneys have achieved recognition by the leading lawyer rankings organizations-Chambers, Best Lawyers, and Super Lawyers.
Golenbock is a member of the Alliott Global Alliance, which was named to Band 1 of global law firm alliances by Chambers Guides, the prestigious international legal survey. AGA, which numbers 218 firms in 97 countries on six continents, helps member firms partner with others in countries around the globe.
Golenbock uses Client Alerts to inform clients and other interested parties of noteworthy issues, decisions and legislation that may affect them or their businesses. A Client Alert should not be construed or relied upon as legal advice. This Client Alert may be considered advertising under applicable state laws.
© GEABP (2024)