Theft (via Cyber Attack) Covered by General Liability?

[TGART]

Hi All,

Looking for some guidance here for a client. Their finance dept was fooled by an email coming from an employees email account which had been broken into. They replicated fairly a fairly standard request for payment though this went to an account owned by the criminals. What's your experience in getting this covered in a standard Commercial Liab policy as theft?

Thanks!!

 

[cgreene]

This is where cyber insurance comes into play. The GL policy will cover some if your lucky.

 

[TGART]

Yea, that's what I'm hoping - the theft of money's coverage will kick in. They have internet insurance, though it pertains to the theft of their clients data, not someone phishing and making a fake wire request from an internal source. With any luck the GL will cover a portion and the umbrella the rest. Expensive lesson for sure... needless to say, they're now reviewing their security protocols.

 

[kristophmarsh]

Certainly won't be covered by a standard general liability policy. I wouldn't expect it to be covered by the theft section of a business package or property policy either, unfortunately.

The best option for having something like this covered is either through a commercial crime or cyber liability policy. If your client is a typical small or medium business, it's unlikely that they'll hold either of these coverages stand-alone; however, you never do know. They'll certainly be thinking about it after running into this!

For clients concerned about these types of exposures, I'd consider taking a look at Management Liability (ML) policy. Most ML policies include some level of crime coverage, and with a bit of luck, it will cover first and third party theft.

To give you an idea of what I'm talking about, I took a look at the crime component of the AIG PrivateEdge wording (UK). The policy covers an insured for "financial losses" resulting from "dishonest acts" by any employee or third party. A "third party" is defined as anyone who isn't an employee.

Quite broad coverage I must say! You'd just need to convince the insurer that it's the insured that suffered the loss and not the employee.

Alternatively, cyber coverage would be worth a look. But if you could figure out a way to acquire both in a ML product, now that would be something!

 

[BigIVU]

The CGL provides coverage for third party claims, not the theft of your own money. The ISO Commercial Crime program has Computer Fraud coverage and the just introduced a form some insurers have been making available for theft by impersonating an employee. There are also cyber policies that should cover this.

 

[EObroker]

There is a specific coverage designed to cover this exposure and it is called Cyber Deception and/or Social Engineering. It can be added via endorsement to a Crime or Cyber policy depending on the carrier. I have been able to cover it both ways for multiple different industries, and have multiple claim examples that can be disscussed. I can help walk you through placing this coverage, as well as provide a product specific brochure for you and your clients. Please free to reach out to me at any time. All the best, Ant!