Cyber Crime: What is it and How is it Covered on your Cyber Insurance Policy?

In 2024, a CFO of a large Chinese firm was tricked into transferring 25 Million to a hacker that posed as his superior and two other colleagues on a zoom call. The deep fake zoom meeting was convincing enough for the CFO to transfer the funds without double checking with anyone. Everyone he needed to check with was supposedly on that call...

Cybercrime is when you get tricked into giving your money or assets to a hacker.

Cybercrime poses a significant threat to businesses and individuals alike. While having cyber insurance is crucial, some policies may have sublimits that fall short of providing adequate coverage for these types of cyber crimes, leaving policyholders exposed to substantial financial risks. Others have call back provisions that void coverage if you don't make a call confirming the wire transfer, creating gaps in your coverage.

Definition of Cyber Crime:

The definition of cyber crime in these policies includes charges resulting from a Telecommunications Hack, as well as loss of money or digital currency resulting from Social Engineering Attacks, Reverse Social Engineering Attacks, or Transfer of Funds Loss.

• Telecommunications Hack: Unauthorized infiltration and manipulation of the insured's telephone or fax system.
• Social Engineering Attack: Manipulation or deception of authorized individuals to transfer funds to unintended third-party recipients.
• Reverse Social Engineering Attack or Invoice Manipulation: Use of a computer system to deceive clients or vendors, resulting in the transfer of money intended for the insured to another entity.
• Transfer of Funds Loss: Loss of funds resulting from the transmission of fraudulent instructions to a financial institution.

Insufficient Sublimits and Financial Risks:

Insufficient sublimits allocated to these types of cyber crimes can leave policyholders exposed to significant financial losses, as cyber attacks continue to evolve and cyber criminals devise new methods to exploit vulnerabilities.

Mitigating Risks and Ensuring Adequate Coverage:

To address these risks, policyholders should review their cyber insurance policies with an expert, assess the adequacy of sublimits assigned to different types of cyber crimes, and engage with insurers to modify policy terms and ensure comprehensive protection.

Actions to Ensure Adequate Coverage:

1. Conduct a comprehensive risk assessment.
2. Review policy definitions and sublimits.
3. Consult with insurance professionals.
4. Customize coverage to specific needs.
5. Stay informed and updated on the evolving cyber threat landscape.

Other Considerations:

If buy a cyber policy online from an online retailer like Vouch, you may be focusing on the wrong numbers. Online cyber retailers may give you a inexpensive solution, however, you may have sublimits that leave you grossly uninsured.

Recently, I saw a policy where someone thought they had $1mil in coverage only to find out they had a $250K sublimit for ransomware. Be sure to work with a qualified cyber agent even if you are just looking to get Soc 2 compliant. You can often get full coverage limits for similar pricing as online cyber retailers.

Cyber insurance policies play a vital role in protecting against financial losses resulting from cyber crime. However, insufficient sublimits can leave policyholders exposed to significant risks.

By understanding policy definitions, assessing sublimits, and actively engaging with insurers, businesses and individuals can ensure they have comprehensive coverage that addresses the evolving.

If you made it this far, you've become a cyber insurance master, so congratulations. Be sure to subscribe to get more exciting cybersecurity and cyber insurance content. :)

Hungry for more cybersecurity content? Check out the 14 steps to protect your business' data.