Con artists have been increasingly busy the past couple of years convincing employees of companies and financial institutions to transfer funds to accounts masquerading as those of legitimate vendors or business partners. Perpetrators impersonate company executives and vendors, using electronic communications and information obtained through social engineering to induce company employees to authorize requested payments. Such fund transfers can range from a few thousand dollars to many millions.
Executive Summary
As businesses fall prey to con artists who electronically trick unsuspecting employees into authorizing payments in the thousands and millions of dollars, insurers and courts are sorting out which policies will pay for the losses—crime or cyber. Sedgwick’s Laurie Kamaiko provides an overview of the coverage debate and court rulings to date, which turn on policy provisions referring to “fraudulent entry,” “direct loss,” “use of any computer to fraudulently cause a transfer” and “fraudulent instruction,” among others.These events have sparked a debate in the insurance industry: Should crime policies and fidelity bonds cover the loss, or are these cyber events to which cyber policies should apply? In addition, when professional services firms are the target and client funds are involved, professional liability policies can also come into play.
Many insurers are starting to draft coverage grants or exclusions that expressly address this risk. The trend appears to be to move the risk more—but not exclusively—to crime coverages.
Meanwhile, the issue facing many insurers and their policyholders is whether any of their array of insurance products is triggered by such events under their current wordings, whether or not such coverage was intended. The answer usually turns on the specific wording of the policies, as well as the particular factual circumstances of the scam.