
Archive for category: Cyber Crime


Cyber Attacks and Bodily Injury

Today’s cyber attack (still working its way through networks at the time of this post) on the UK’s NHS has resulted in many hospitals and doctors’ offices remaining closed, as they cannot access the networks and IT systems they rely upon to provide care. This will undoubtedly result in patient injuries (being exacerbated and causing further harm) and possibly death. BBC reporters have cited sources saying:

“Absolute carnage in the NHS today. Two Hyperacute stroke centres (the field I work in) in London have closed as of this afternoon. Patients will almost certainly suffer and die because of this.

“Had a patient that needed urgent neurosurgery referred, but unable to look at scans – stroke care is absolutely dependent on IT systems and joined up systems.”

This type of attack appears to be ransomware related to the NSA’s leaked toolkit from last month’s breach. While ransomware is a growing nuisance, many companies have yet to protect themselves from these types of attacks. Even so, the best IT security standards can be penetrated by smart cyber criminals using social engineering. Further, most companies have yet to include cyber insurance in their portfolio of risk management policies.

So, will a cyber attack resulting in bodily injury caused by ransomware or social engineering be covered by cyber insurance? The devil is in the details, unfortunately. Many cyber policies do not cover ransomware or claims generated from social engineering incidents. Other policies, like Crime and General Liability, may offer minimal coverage at best, but most have been written to exclude cyber-caused incidents. To further complicate the situation, bodily injury (which is typically covered by General Liability) is often excluded explicitly under cyber policies.

The solution is to make sure you buy the right cyber insurance policy to begin with. If you have an exposure to bodily injury, make certain you have placed coverage with a carrier that offers this on their cyber policies (there are a few). Your broker can also make sure the cyber policy “dovetails” with your General Liability policy, so that you’re not duplicating coverage but are still covering the gaps.

Find a broker that knows how to 1) assess your cyber risk to determine what coverage is necessary and 2) design a program that addresses your cyber risks. As a bonus, most cyber insurance policies include a variety of risk management services, like breach coaches and access to cyber professionals to help you if and when you get hit with an attack.


Cyber Insurance: Not just for consumer-facing businesses

Post originally published by TechAssure-member: Plexus Groupe

The wide range of cyber risk faced by businesses continues to be in the news.

In a story published recently, The Wall Street Journal reported that a growing number of manufacturers have begun to secure cyber insurance.

According to the Journal, manufacturers paid about $37 million in cyber coverage premiums last year, per data from Advisen, an increase of 89 percent from 2015. Also, per BusinessInsurance.com, cyber threats were a top concern of more than 90 percent of the top 100 publicly traded manufacturing firms in 2016, according to findings from accounting firm BDO USA LLP.

Guest Post: Two New Cyber-Focused Crime Endorsements

One of the challenges in designing a comprehensive cyber insurance program lies in the fact that cyber risks are not easily contained within the insurance industry’s pre-defined “boxes.” Cyber risks can affect virtually all lines of insurance, and, yet, most of these insurance policies were never designed to cover such risks. There can often be a sizable grey-area between insurance policies when trying to piece them together. One area that is particularly fraught with peril (pun intended) is cyber crime.

Theft of money has historically been addressed by a crime insurance policy. However, crime policies have historically not offered any coverage for certain cyber crimes. Two new (ISO) endorsements are now available (as of Nov 2015) and seek to address some of these issues. 

We would like to thank Stuart Powell and the IIANC for allowing us to duplicate their post on these new endorsements. 

*********************************************************************

 

Internet crime is not just about data breach losses. While data breach losses are significant and can result in considerable financial damage to businesses and individuals, the internet can be used to commit old fashioned crimes such as the theft of money. Two new ISO Crime Insurance endorsements became available in November of 2015 of which agents should take note.

Fraudulent Impersonation – CR 04 17 11 15 is designed to be used with the Commercial Crime Coverage Policy or Form. (It can also be used with the Government Crime Coverage Policy or Form.) It fills a gap between the traditional crime coverages and newer cyber or data breach coverages.

Traditional crime insurance coverages have not had an Insuring Agreement that would recognize this exposure. The endorsement addresses two groups of people who could be fraudulently impersonated, i.e., “employees” and/or “customers” and “vendors.” The exposure, however, is the same. There would be coverage if the “named insured” receives, in good faith, an instruction to transfer “money”, “securities” or “other property” from a scheduled person described above ‘but which “transfer instruction” proves to have been fraudulently issued by an imposter without the knowledge or consent’ of the scheduled person(s).

An example of this exposure would be an email purporting to be from the scheduled person authorizing a transfer of money. The transfer is made and later it is discovered that the email was not from the person from whom it purported to be. The endorsement is not media specific, so the “transfer instruction” could be in any form, electronic or otherwise.

One obvious loss control for this type of exposure is “verification.” This would entail a confirmation of the instruction before the transfer would be made. The endorsement has three options that may be selected.

  1. Verification is Required For All “Transfer Instructions”
  2. Verification is Required For All “Transfer Instructions” in Excess of a Specific Dollar Amount
  3. Verification Of “Transfer Instructions” Is Not Required

The degree of verification would have an impact on underwriting and pricing.

It is not difficult to see the value that this coverage could have to a business. Not only would it provide indemnification in the event of a loss, it highlights the value of verification and the potential for loss avoidance.

Include Virtual Currency as Money – CR 25 45 11 15 is designed to incorporate virtual money into the definition of “money” for coverage purposes. This endorsement is also designed to be used with the Commercial Crime Coverage Policy or Form. (It can also be used with the Government Crime Coverage Policy or Form.)

The current ISO Crime Insurance Coverage Policy or Form has an exclusion for virtual money. This endorsement amends the exclusion to except, and therefore provide coverage for, virtual currency to the extent scheduled on the endorsement. The endorsement schedule provides the option to select Employee Theft and/or Computer and Funds Transfer Fraud Insuring Agreement. It provides for a sublimit of insurance for each of the insuring agreements and requires a declaration of the name of the virtual currency and the exchange on which the virtual money is negotiable.

The endorsement describes virtual currency to include, but is not limited to, digital currency, crypto currency, or any type of electronic currency. An example of this type of currency would be “bitcoin.” Wikipedia refers to bitcoin as a “digital asset.” It is a peer-to-peer internet exchange of value. It does not require a governmental medium of exchange such as a central bank currency. Some use the term crypto currency. Bitcoin is a unit of value held in an account which can also be used to purchase items much like a debit card.

Since the value of a bitcoin is not backed by a governmental central bank, the determination of its value is not the subject of public exchange rates. Therefore, the endorsement requires that the exchange to be used for valuation in the event of a loss be scheduled on the endorsement.

Both of these endorsements indicate an incremental movement towards addressing cyber exposures beyond data breach that are emerging from the “internet of things.” Stay tuned for there is surely more to come.

Post Originally Appeared on IIANC’s Blog. Reproduced with Author’s Permission.

Stuart Powell, CPCU, CIC, CLU, ARM, ChFC, AAI, ARe, CRIS, has over 40 years’ experience in the industry, both as an independent agent and as IIANC’s resident insurance guru for the last 20 years. A valuable resource for IIANC members providing technical information, Stuart is well-known across the country for his vast insurance knowledge. He regularly teaches for numerous insurance organizations and is on the national faculty for the Society of Certified Insurance Counselors.

Questions? Contact Stuart at spowell@iianc.com or 888-275-8914.