Fallout from Computer Fraud and Funds Transfer Fraud

Two huge reasons why crime insurance is needed

Computer FraudTravelers Insurance put out an excellent bulletin that describes the financial threats posed by funds transfer fraud and computer fraud, and the need for specialized Crime Insurance Coverage.  The Travelers coverage version, wrap +, includes coverage for both electronic funds transfer and computer fraud.

Eye-opening facts

  • According to a survey by Computer Security Institute, the average financial loss due to computer fraud was $289,000.  The average loss due to funds transfer fraud was $500,000.
  • Pfishing scams, Trojans, key loggers and other techniques allow hackers to gain control of online banking transactions and to circumvent normal online authentication controls.
  • Internal controls such as antivirus software, firewalls, and employee training are critical, but not enough for 100 percent protection.
  • Specialized Financial Insurance coverages should be purchased to protect against this risk.

Examples of Electronic Funds Transfer Fraud Claims

  • The bank of a victim company allegedly sent a letter explaining a new security program.  A company received an email that appeared to be from the bank explaining a new security program. An employee opened the email, allowing a Trojan virus access and read keystrokes from the company’s computer. The perpetrator then obtained banking and password information.  A fraudulent electronic wire transfer was initiated and the company lost $683,000.
  • The finance director of a company opened an attached zip file in an email that contained a virus.  The user ID and password to the company’s bank  account was obtained through code inserted by the virus.  A fraudulent electronic wire transfer totaling $147,000 was initiated by criminals from the company’s bank account to an unknown bank account in Arizona.   The immediate withdrawal was unrecoverable.
  • A payroll supervisor logged on to the payroll account for the company and noted that three payments totaling $704,632 had been wired from the account. The transactions were reported to the bank as unauthorized and the account was shut down.  Unfortunately, $238,781 of the loss was not recovered.

Examples of Computer Fraud Claims

  • An employee of a customer  hacked into a company’s website and changed the bank routing and account numbers to her own.  When the company paid her employer for services rendered, she fraudulently received the funds in her account.
  • A former employee used his supervisor’s password to enter the insured’s unlocked building and gained access to use the supervisor’s computer.  Using the bank routing number, he activated transactions to receive fake reimbursements allegedly made to the company’s customers.

Source: Travelers Bond & Financial Products, Bulletin, 11-09

2.00 avg. rating (51% score) - 2 votes
Categories: Breach Of Security, Crime, Risk Management, Technology
Cyber Liability Insurance

Insider hacking poses huge cyber risk

Insiders account for most cyber theft losses

Outside hackers, whether domestic or part of criminal gangs in Eastern Europe and Asia, get most of the media attention. However, a bigger cyber risk is inside jobs by a company’s own employees. These crimes account for 70 percent of all security incidents that result in losses, according to some sources.

This is known as authorized access for unauthorized use.

Disgruntled or simply dishonest employees, independent contractors, or employees of independent contractors may steal confidential information such as credit card numbers, bank account information, or proprietary information such as trade secrets or intellectual property.

Most Cyber Liability policies only cover unauthorized access by outsiders. Make sure that your policy also covers authorized access for unauthorized reasons.

For a assistance determining your coverage needs, please call us at 800-622-7370

 

Source: Do You Need Coverage For Cyber Risks? The John Liner Letter, Vol. 43, No. 7, June 2006.

 

3.00 avg. rating (67% score) - 1 vote
Categories: Breach Of Security, Crime, Cyber Liability

Risks in Our Digital Information Economy

Defending digital assets against cyber crime

Anyone with access to a computer, tablet or smart phone can buy goods online, pay electronically and request information from corporate networks. Business websites that don’t have proper management and security systems in place provide entryways to the valuable information they have amassed.

 The data companies spend years gathering is a valuable business asset – and even a small gap in security can pose a huge risk. Cyber criminals waste no time figuring out new ways of exploiting weaknesses in the technologies that businesses spend billions of dollars on to stay ahead in the e-commerce world.

 E-criminals

 Tech-savvy criminals recognize the value of digital information and look for ways to steal it. They commit their crimes by exploiting security hiccups in corporate systems or by using malicious code to infiltrate computer networks. Smart phone and wireless technologies are being utilized by wider numbers of people, presenting increasingly tempting targets. What were once attacks on operating systems are now attacks on apps, database software, and even antivirus programs. Their motivation is simple: go where the money is. The confidential information these business amass provide a nearly infinite source of illicit profits for e-criminals.

Malware

One tactic e-criminals take is to leave behind bits of code called Trojan horses that track the keystrokes of the user to steal passwords, social security numbers, credit card numbers and other confidential information. Criminals are also able to control the systems of huge groups of personal computers by infecting them with malware. They cover their tracks by using thousands of personal computers to launch such attacks. Once discovered and shut down, they simply move on to another group of computers.

These threats are major concerns for both businesses and consumers. Companies that depend on the Internet for their livelihood can be devastated by attacks that shut down their web sites. Companies depending on seasonal sales can’t afford a malfunction or shutdown at the wrong time, as evidenced in the Target hack during the 2013 Christmas season. Such security breaches can result in huge financial losses in damage repair and lost business from gun-shy from consumers and clients.

 What businesses can do

A Technology Insurance policy costs almost nothing in comparison to the financial devastation from which it will protect your business.Seven out of 10 small businesses that experience a major data breach fail within one year. Don’t let that happen to you.

Call us at 800-622-7370 so we can help you assess your level of risk. In just minutes you’ll learn how our affordable Cyber Risk Insurance can protect your business from e-criminals and loss of property.

3.00 avg. rating (67% score) - 1 vote
Categories: Breach Of Security, Crime, Cyber Liability, Tech Insurance

Escalating threats from digital exposure

Vigilance required to combat ever-emerging risks

News broke of what is currently the biggest collection of stolen digital information to date. As more and more industries and businesses become more information-based, the information value and ease with which it is transmitted creates new risks. Criminals apparently never lack for creative ways to turn stolen data into profits, finding increasingly sophisticated ways to collect personal and proprietary information from corporate networks.

Fallout from stolen information

Failure to adequately protect sensitive information can result not only in lost sales and customers, but in claims and lawsuits for the losses sustained by customers and the general public. Fears about privacy and identity theft have resulted in state and federal legislation regarding the collection, management and protection of sensitive data. These new regulations have had a significant impact on businesses, which now face heavy fines and lawsuits in the event of security failures. Businesses also risk damage to their reputations because of laws requiring require them to publicize such breaches.

Realize the value of your information

Criminals look at corporate websites as gateways to massive information from which they can profit. While businesses spend billions of dollars to strengthen their security, criminals stay one step ahead, developing new methods of attack. Companies spend years, or even decades, gathering data. This data is an extremely valuable asset that must be protected. Businesses can no longer depend on traditional insurance policies to protect against technology risks. Most insurers exclude electronic theft from their standard policy forms. To deal with these risks, businesses need coverages specifically aimed at the inherent risks of our digital economy.

In upcoming articles I will discusses the vulnerable areas that require diligent attention by business owners, tips for improving security, and what the insurance industry is doing to help protect against these ever-evolving risks.

If you would like assistance in assessing coverage to protect your business or have questions regarding your current coverage, please call us at 800-622-7370

0.00 avg. rating (0% score) - 0 votes
Categories: Breach Of Security, Crime, Loss Control, Risk Management, Theft

Data Breaches Growing Rapidly

Tech Companies Uninsured

Over the past several years, there have been over 225 million reported consumer data breaches. This year alone, there have been more than 30 million reported security breaches of consumer data. No one knows the actual numbers since it is suspected that most security breaches are unreported.

Most tech firms and regular businesses with exposure don’t have insurance to cover this expensive peril. Liability for the following categories of expenses are common in these breaches of security:

  • Class action lawsuits
  • Regulatory fines, fees, penalties
  • Statutory notification expenses

Tech companies that collect confidential information or assist clients in doing so must make sure that their Professional Liability/Errors & Omissions policy is specially endorsed to respond to breach of security lawsuits. Non tech companies with exposure must make sure that their Cyber Liability policy does the same.

Source: S.H. Smith & Company, Inc. E Bulletin, 10-19-08

4.00 avg. rating (77% score) - 1 vote
Categories: Breach Of Security, Errors & Ommissions, Professional Liability, Tech Insurance

Proactive Data Security

It’s the key to protecting your bottom line

Businesses can no longer afford to treat data security as just another problem for the IT department. It’s now a mission-critical issue for the executive suite. Companies that fail to adequately protect personal information not only run the risk of lawsuits and legal penalties, but also severe and potentially fatal hits to their bottom line.

Top executives and risk managers must recognize that the dangers posed by theft of personal data have escalated sharply in terms of financial liability and the potential for irreparable damage to a company’s reputation.  The loss of confidence in a company’s ability to properly manage confidential information can jeopardize the survival of its business. A well-known credit card processor was dropped by several major credit card brands after a security breach in its system exposed millions of consumer accounts to possible fraud.

Legislative changes

As consumers grow increasingly worried about identity theft and Internet-based fraud, Congress has set stricter standards for protecting personal and corporate data with privacy legislation. Examples are the Gramm-Leach-Bliley, Health Insurance Portability and Accountability (HIPAA) and Sarbanes-Oxley Acts. In addition, the state of California now requires businesses to notify customers when their personal data has been exposed to potential misuse. The costs of notifying tens of thousands of customers can be significant, but inconsequential compared to the potential loss of consumer confidence and goodwill.

Along with new legal standards, companies must confront increasingly sophisticated attacks from computer criminals. The threat has escalated from teenage hackers bent on virtual vandalism to organized criminal gangs seeking to steal sensitive information and hijack corporate systems for their own use. Many are operating out of Eastern Europe and Asia beyond the reach of U.S. authorities.

Steps to take

Modern businesses run on digital data. Securing that data is an essential part of corporate risk management today.To protect themselves, businesses need to take a proactive approach to data security and information management that recognizes the significant financial, legal and reputation risks involved. It is critical that senior executives and risk managers take a leadership role in building privacy and information security into the culture of their organizations. As a first step, businesses need to formally inventory all of the data housed on corporate systems, classify it accordingly to value and sensitivity, and then take adequate measures to secure it. Recognizing that these information security and privacy exposures can also pose a significant threat to the balance sheet, companies need to protect themselves financially by seeking risk transfer options as part of their overall risk management program.

If you have questions or would like assistance determining your insurance needs, please call us at 800-622-7370.

 

4.00 avg. rating (77% score) - 1 vote
Categories: ACE Articles, Breach Of Security, Cyber Liability