Business Email Compromises – Covered by Insurance? | The National

Trending News

Pregnant Workers Fairness Act Final Regulations Released

It’s the Final Countdown – The Final PWFA Regs Are Here

Corporate Transparency Act – Continued Developments

Healthcare Preview for the Week of: April 15, 2024 [Podcast]

SCOTUS Declines to Review New York City’s Rent Stabilization Law

Trending in Telehealth: April 2 – April 8, 2024

New CFIUS Rules to Enhance Enforcement and Investigation Activities

Chanel Seeks Permanent Injunction Against WGACA

EPA Finalizes National Primary Drinking Water Regulation for Certain PFAS

GeTtin' SALTy Episode 26 | Catch-up with Jared Walczak at the Tax Foundation, with a Focus on Property Tax Relief

Kendall W. Harrison

Email

608-284-2627

Bio and Articles

Business Email Compromises – Covered by Insurance?

by: Kendall W. Harrison of Godfrey & Kahn S.C. - Insurable Interests

Thursday, February 9, 2017

Print Mail Download

i

A cyber-criminal hacks into your company’s network, takes control of the CEO’s email account, and sends instructions to the CFO to transfer monies to a given bank account. The CFO, believing he is acting on orders from the CEO, does it. Only the next day does he learn that the CEO had nothing to do with the email. By then, of course, the money is gone.

This scam, known as a business email compromise (BEC), is on the rise. The FBI reports that there have been more than 22,000 BECs since 2013, with combined losses in excess of $3 billion. There have been victims in all 50 states and over 100 countries. One recent victim, Ubiquiti Networks, Inc., lost $46.7 million!

Computer, Business Email Compromises

Not surprisingly, BECs raise a host of insurance issues. The latest reminder of that comes in a case filed recently in federal court in Texas – Quality Sausage Company v. Twin City Fire Insurance Co., No. 17-cv-00111 (S.D. Tex. 2017). There, QSC’s Chief Administrative Officer received an email that appeared to come from a client, instructing her to send $1 million to a bank account out-of-state. She did it. Two days later, when the fraudster attempted to trick her again with a similar email, she called the client and learned that the client had not instructed either transfer. Ouch. QSC sought coverage from its carrier, Twin City Fire, which denied the claims. Not accepting that answer, QSC filed suit.

While it is too early to know how the QSC/Twin City Fire dispute will play out, similar cases have been springing up all around the country over the last several years with mixed results. Many commercial policies will not cover BECs because the insured (though duped) wired the funds voluntarily. Cyber policies may cover BEC’s, but as is always the case, it depends on the policy. In a 2015 survey by the Betterley Report, only 8 of 31 leading cyber insurance providers covered fraudulent wire transfers.

This is a rapidly evolving area to which insurers and policyholders alike should be paying attention. And, if you take nothing else from this blog post, remember this – if you receive an email instructing you to transfer money, talk to the sender in person or by phone before releasing the funds. Always better safe than sorry.

Current Legal Analysis

USPTO Proposes New PTAB Practices in Latest Notice of Proposed Rulemaking

by: Alexander P. Wharton

United Nations Unanimously Adopts the First Resolution on Promoting Safe, Secure, and Trustworthy Artificial Intelligence

by: Seiko Okada, M.D., Ph.D. , Dr. Christian E. Mammen

Divided 9th Circuit Says District Court Has Power to Adjudicate TM Applications

by: Sofya Asatryan

Amendment to China’s Company Law (1): Contribution of Capital and Authorized Capital Concept

Supreme Court Rules Discriminatory Job Transfers Need Not Produce “Significant” Harm to be Actionable Under Title VII

by: Nigel F Telman , Evandro C Gigante

More from Godfrey & Kahn S.C.

Update: NLRB General Counsel Issues Guidance on Confidentiality and Non-Disparagement Provisions in Severance Agreements

by: Peter L. Albrecht

Immigration Roundup February 20 2023

by: Gene T. Schaeffer, Jr.

The Vanishing Safety Zone: DOJ Withdraws Long-Established Healthcare and Information Sharing Guidelines with Far-Reaching Implications

by: Sean O'D. Bosack , Christie B. Carrino

OSHA Issues COVID-19 Emergency Temporary Standard for Health Care Workers and Guidance for All Workplaces

by: Aaron P. McCann

5 Takeaways from EEOC Update to Employer Vaccination Guidance

by: Rebeca M. Lopez , Sarah K. Mueller

As Local Mask Mandates Expire, How Should Employers Respond?

by: Rebeca M. Lopez , Sarah K. Mueller

Attention Hotel Operators: Have You Been Served with an ADA Website Reservation System Lawsuit?

by: Jonathan T. Smies , Matthew J. Stoiber

Indian Nations Law Update - May 2021

by: John L. Clancy , Brian L. Pierson

What’s your vaccination status? Key legal considerations before asking your employees about theirs

by: Paul J. Covaleski , Sarah K. Mueller

Use of Trademarks in the U.S.

by: Nicholas A. Kees , Alexander C. Lemke

Upcoming Legal Education Events

Jun

4

2024

FinTech and Securities Trading Platforms

May

15

2024

Capital Connect: Finance & Funding in Life Sciences

May

14

2024

Harmonizing TSCA Consent Orders with OSHA HCS 2012

May

7

2024

FinTech and Employment Law

Print