Search Reported Parts

Search Companies

Search Member Inventories

ERAI Blog

 



ERAI Blog

Cyber Crime Victim Sues Insurance Provider for Denying $480,000.00 Claim

Kristal Snider
ERAI, Inc

Cyber Crime Victim Sues Insurance Provider for Denying $480,000.00 Claim

Kristal Snider, ERAI

AFGlobal Corporation, a Texas based AS9100 certified manufacturer servicing the aerospace market, is battling their insurance company in a Texas district court to get back $480,000.00 lost to a cyber scam dubbed “Business Email Compromise” by the Federal Bureau of Investigation (FBI).

We are learning there are subtle nuances and specific limitations that could leave policy holders left holding the bag after becoming a cybercrime statistic.

On May 21, 2014 the Director of Accounting at AFGlobal received an email appearing to originate directly from the company’s CEO instructing payment totaling $480,000.00 be wired immediately to the Agricultural Bank of China (aka AgBank).  The employee was advised the transaction was a sensitive “confidential financial operation” relating to an “acquisition” and should “take priority over other tasks.” The e-mail also indicated the employee would receive a phone call from an attorney by the name of Steven Shapiro with KPMG (an organization specializing in audit, tax and advisory services in 155 countries).  The call was received, additional instructions were provided and the funds were subsequently released.

On May 27, 2014, “Mr. Shapiro” advised the employee the first payment had been received and requested an additional payment totaling $18 million be wired.  The employee became suspicious and alerted his immediate supervisor and the officers of the company at which time it was discovered the company had been the target of an elaborate scheme. A claim was filed with AFGlobal’s insurance provider after attempts to recall the $480,000.00 wire were unsuccessful.  The cyber crooks had emptied and closed the bank account shortly after the funds were deposited.  The claim was denied by Federal Insurance Company, a division of Chubb Group, on the basis that email fraud does not meet the definition of “computer fraud” covered by AFGlobal’s policy.

The insurance company has argued that the fraudulent email did not directly cause the company's loss; rather, it was the employee’s actions that caused the loss. The insurer also claimed that the email was not an intrusive attack because it did not cause any loss or changes to the company's computer system and, although fraudulent, the email could have been received by anyone within the company.

A copy of the denial of coverage letter issued by Federal Insurance Company to AF Global Corporation is provided at the end of this article.

AFGlobal has filed a lawsuit against Federal Insurance and is seeking damages and attorney fees claiming breach of contract and “bad faith insurance practices.”  This case is before the U.S. District Court for the Southern District of Texas and is schedule to be called to trial on or about June 26, 2017.

Questions to Ask a Prospective Cyber Insurance Provider

According to an article published by Broadsuite Media Group, if you are thinking about or have invested in Cyber Insurance here are the top ten questions you should ask your provider1:
  1. What types of incidents are covered?
  2. Are there any types of incidents that are specifically excluded from coverage?
  3. What regions/territories are you covered in and any final considerations?
  4. What is the timeframe in which you must report a breach in order to benefit from your policy?
  5. After reporting a cyber-attack, how quickly does the provider respond?
  6. Is the provider knowledgeable about your industry?
  7. What is the cost?
  8. If a breach occurs, how does that affect your premium?
  9. How flexible is the provider in terms of modifying coverage to meet evolving threats?
  10. Does the provider require you to comply with any specific compliance or audit obligations?
We are learning there are subtle nuances and specific limitations that could leave policy holders left holding the bag after becoming a cybercrime statistic.  Review your policy with your legal counsel to ensure you have conducted a thorough risk assessment.
110 Questions to Ask a Prospective Cyber Insurance Provider - http://converge.xyz/10-questions-to-ask-a-prospective-cyber-insurance-provider/



SEE MORE BLOG ENTRIES

Subscribe to ERAI Blog

Email:

TAGS