A narrow interpretation of a crime insurance policy by the courts could mean there is a disconnect in the insurance coverage the policy actually covers.
An employee at Apache Corporation got a phone call from individual who said they represented a vendor of the company.
The caller wanted Apache to change the bank account information for its payments to the vendor. At first, the change request was denied but the individual sent email correspondence with a letter attachment stating the bank information change would take “immediate effect.”
An Apache employee verified the number provided on the letterhead and concluded that the change-request was authentic. Apache transferred funds to the “new” bank account but was notified by the vendor they had not received the roughly $7 million. It turned out the request was not legitimate.
Apache recovered a portion of its payment from its deductible but wanted to recover the balance from the insurer under their policy’s computer fraud coverage.
They were denied by Great American Insurance Company who said the loss did not directly result from the use of a computer.
In Apache Corp. v. Great American Insurance Company, the U.S. 5th Circuit Court of Appeals adopted a narrow interpretation of the policy.
The court said the loss was not the result of “direct” use of a computer, rather the email was one step in a multi-step fraud scheme.
What this means
The narrow judicial interpretation of the crime policy “computer fraud” provisions may not be sufficient to address anything other than a direct hack of a computer system.
As hackers continue to evolve their tactics to exploit individuals, you may want to consider adding extensions onto your existing crime policy to make sure you have the broadest coverage.
Chivaroli and Associates Insurance Services is a full-service brokerage firm specializing in the custom-design and placement of insurance and alternative risk funding solutions for your healthcare organization.