Open Question: Cybersecurity Insurance Coverage for Wire Fraud

Open Question: Cybersecurity Insurance Coverage for Wire Fraud

Fraudulent wire transfers are the frontier of cybersecurity insurance coverage litigation.

Many of the cybersecurity insurance coverage disputes that have percolated up to federal appellate courts involve “spearphishing” schemes: a hacker spoofs an email to a company’s finance department that looks like an email from the CEO asking the accountants to wire funds to a customer, except the wire account belongs to the hacker not the customer. Some courts have found that cyberinsurance covers this crime – the fake email is a hack. Other courts have found that there was no “theft” since the company wired the funds voluntarily, albeit by mistake. There’s no definitive answer.

Does cybersecurity insurance cover spearphishing in the opposite direction? When a hacker spoofs a vendor into wiring money intended for an insured business to the hacker’s account? One court recently said no:

The court reasoned that while the commercial insured was owed the money, it never ** owned ** the money, so the hacker stole from the vendor, not the policyholder.

Cyberinsurance is still a new product. Cybercrime is evolving rapidly. Coverage litigation will be the norm, not the exception, for years to come.

Given the uncertainty and split court opinions about coverage for spearphishing – whether the funds depart the policyholder but arrive at the wrong destination or depart a customer but get intercepted en route to the policyholder – sound risk management requires planning – tailoring your cybersecurity insurance policy to ensure coverage for these schemes rather than litigating coverage after you’ve already suffered a loss.



WE'RE HERE (206) 257-6556