Many organizations have commercial crime and cybersecurity insurance policies, but are finding out they may not be fully covered if their employees fall for phishing scams.
Criminals have recently started targeting employees’ trust by using phishing attacks to trick the employees into transferring the company’s money or other financial information.
In a common phishing scam, an employee receives an email that appears to be from an individual or business partner they know and trust. The employee is then conned into transferring the company’s money to the malicious third party.
As insurance companies face a growing number of losses because of cyberattacks, insurers are pushing back looking to exploit gaps and narrow their coverage to limit their exposure.
Insurers are contesting coverage by saying that the fraudulent payments were “authorized” by employees and therefore not covered. The issue is being litigated in courts across the country.
Organizations may believe that a loss due to a phishing attack should be covered by existing crime or cybersecurity policies, but are learning there is a potential coverage gap.
Any organization that has, or intends to purchase, commercial crime and/or cybersecurity insurance should undertake a comprehensive coverage review to spot these and other potential gaps in their insurance programs.
Chivaroli and Associates Insurance Services is a full-service brokerage firm specializing in the custom-design and placement of insurance and alternative risk funding solutions for your healthcare organization.