A recent blog, Computer Fraud Insurance in the Cyberage, about courts supporting insurers in denying coverage for cybercrimes that did not originate with through ‘direct’ use of a computer should cause insureds to look closely at their cyber insurance coverage. Many insured’s are finding that the coverage they purchased does not cover what they thought.
Recent cases cited:
1. Pestmaster Services v. Travelers Casualty & Surety Co-- In 2016 the 9th U.S. Circuit Court of Appeals affirmed a district court's conclusion that there was no coverage under a computer fraud provision.
2. Apache Corp. v. Great America Insurance Co-- In 2016 the 5th U.S. Circuit Court of Appeals agreed with Great American Insurance Co. that Apache Corp.'s loss of $1.5 million was not covered under a computer fraud provision.
3. American Tooling Center v. Travelers Casualty & Surety-- Relying in part on Apache, a federal judge in Michigan ruled in August 2017 that Travelers was not obligated to cover American Tooling Center Inc.'s losses resulting from a fraudulent email-based scheme.
4. Interactive Communications v. Great American Insurance Co-- More recently, the 11th U.S. Circuit Court of Appeals affirmed a lower court's grant of summary judgment in favor of Great American Insurance Co.
All these cases had a common thread; “that the computer fraud provisions at issue were intended for situations in which an individual uses a computer to gain access to an insured’s internal computer system and then uses that access to transfer funds from the insured’s premises. “ Even though the fraud and deceit used to pull off the crime involved electronic media, it did not ‘directly’ utilize the entities’ computers to pull off the crime as intended by the insurance policy.
As we have stated before not all cyber insurance coverage is created equal. Make sure that that the cyber insurance coverage you have meets your needs. There are no standard cyber policies or cyber policy provisions. One policy that we are aware of the CyberLaw CyberWrap policy contains a different definition of “cybercrime”:
“J. Cybercrime means fraudulent funds transfer loss incurred by you as a direct result of:
1. The transfer of funds by you, in good faith, from your bank or securities accounts or your client’s bank or securities accounts for which you are an authorized custodian, to a third party in reasonable reliance on fraudulent or deceptive electronic or telephonic communications received by you directing you to transfer or pay the funds to a third party under false pretenses;
2. The theft of funds from your bank or securities accounts or your client’s bank or securities accounts for which you are an authorized custodian, as a result of fraudulent or deceptive electronic or telephonic communications from a third party directing the bank or securities broker to transfer or pay the funds to a third party under false pretenses without your knowledge or consent; and
3. fraudulent or dishonest use of your computer system to steal your money, securities or other property, provided that such fraudulent or dishonest use did not occur as a result of your failure to adhere to your documented internal security procedures, guidelines or protocols.”
You do not need a computer to pull off crimes of conversion. The world of fraud and deceit can still be done via paper transactions or the US Mail. In many cases a properly endorsed Crime Insurance Policy may provide broader insurance coverage and is a better alternative to protect your IOLTA Account.
The statements in the blog do not intend to interpret insurance coverage. Each insurance policy wording stands on its’ own and each loss will have a different set of circumstances that may or may not change what is and is not covered.