May 23, 2019

May 22, 2019

Subscribe to Latest Legal News and Analysis

May 21, 2019

Subscribe to Latest Legal News and Analysis

May 20, 2019

Subscribe to Latest Legal News and Analysis

Business Email Compromises – Covered by Insurance?

A cyber-criminal hacks into your company’s network, takes control of the CEO’s email account, and sends instructions to the CFO to transfer monies to a given bank account. The CFO, believing he is acting on orders from the CEO, does it. Only the next day does he learn that the CEO had nothing to do with the email. By then, of course, the money is gone.

This scam, known as a business email compromise (BEC), is on the rise. The FBI reports that there have been more than 22,000 BECs since 2013, with combined losses in excess of $3 billion. There have been victims in all 50 states and over 100 countries. One recent victim, Ubiquiti Networks, Inc., lost $46.7 million!

Computer, Business Email Compromises

Not surprisingly, BECs raise a host of insurance issues. The latest reminder of that comes in a case filed recently in federal court in Texas – Quality Sausage Company v. Twin City Fire Insurance Co., No. 17-cv-00111 (S.D. Tex. 2017). There, QSC’s Chief Administrative Officer received an email that appeared to come from a client, instructing her to send $1 million to a bank account out-of-state. She did it. Two days later, when the fraudster attempted to trick her again with a similar email, she called the client and learned that the client had not instructed either transfer. Ouch. QSC sought coverage from its carrier, Twin City Fire, which denied the claims. Not accepting that answer, QSC filed suit.

While it is too early to know how the QSC/Twin City Fire dispute will play out, similar cases have been springing up all around the country over the last several years with mixed results. Many commercial policies will not cover BECs because the insured (though duped) wired the funds voluntarily. Cyber policies may cover BEC’s, but as is always the case, it depends on the policy. In a 2015 survey by the Betterley Report, only 8 of 31 leading cyber insurance providers covered fraudulent wire transfers.

This is a rapidly evolving area to which insurers and policyholders alike should be paying attention. And, if you take nothing else from this blog post, remember this – if you receive an email instructing you to transfer money, talk to the sender in person or by phone before releasing the funds. Always better safe than sorry.

Copyright © 2019 Godfrey & Kahn S.C.

TRENDING LEGAL ANALYSIS


About this Author

Kendall W. Harrison, Commercial Insurance Litigator, Godfrey Kahn, Law firm
Shareholder

Kendall Harrison is a commercial litigator who regularly handles insurance, reinsurance and class action matters. In recent years, his practice has taken him from California to New York and many points in-between. Whether in court or before an arbitration panel, Kendall strives to zealously represent his clients while recognizing that scorched-earth litigation is not necessarily the best solution to a dispute.
 
Kendall has tackled numerous reinsurance arbitrations and his insurance-related class action practice has ranged from defending against massive suits...

608-284-2627