4 minute read
COVERAGE CORNER
By Kevin C. Amrhein, CIC
Natural disasters like hurricanes often bring out the best in humanity. Scenes of community – neighbors and strangers alike – coming together to help each other. Beautiful. Hopeful. Inspiring.
And then there’s those guys … ... scumbags who ooze out of their caves to feast on chaos, fear, and confusion. Unfortunately many of these lowlifes are exceptional at two things: 1) hunting their prey (victims of post-disaster scams often are specifically targeted – not random), and 2) convincing their prey of the scam’s validity (e.g. “your insurance company mandates a preclaim inspection performed by an independent contractor like myself. Cash only, please.”)
Having personally experienced several hurricanes, I thought I’d seen the worst humanity can produce … and then came a pandemic.
Since things really started going south in early 2020, authorities have reported significant spikes in online/ cybercrime activity. No demographic is immune, but data show that small businesses seem to be a favorite target of these slimeballs. A pandemic is the perfect recipe for such crimes, and knucklehead criminals know it.
• Communications have shifted almost entirely online.
• Employees often are accessing company networks from remote/ vulnerable locations.
• Employees are distracted, sleepdeprived, and fearful of the future.
Translation: lack of focus.
• Businesses are seeking financial lifelines from governments/banks, and such transactions are handled electronically.
Good old-fashioned hackers are still out there using advanced technical skills to break through firewalls, steal stuff, and/or generally cause trouble (extortion threat, sabotage, etc.). Many cyber insurance policies are constructed to provide cover when vulnerabilities in networks are discovered and exploited, causing financial harm to the business (first-party loss) and possible harm to the business’s contact network (third-party). A review of the policy’s Insuring Agreement/s should help agents and insureds identify the reach of coverage.
Other online scams are not clearly addressed by standard cyber insurance policies. Such are perpetrated by losers who – through emails, inter-company communications, and even phone calls – disguise themselves as legitimate people or sources. Transactions are requested, approved, and poof …there goes the loot (typically currency or proprietary data).
Such crimes hit close to home. When I teach commercial insurance webinars, I ask the audience if they or their businesses have been the target of such scams, and a surprisingly high number of them respond “yes.” Several are honest enough to admit that they were tricked and victimized.
It’s true that sometimes, such crimes – often falling under the heading of social engineering or fraudulent impersonation – are made too easy by oblivious employees who take all unsolicited communications seriously, click on links, download attachments, and/or authorize transactions without a second thought. But such oblivion is fading as more employees are made aware of the need for diligence. What makes many scams so frightening is that they often involve an incredible level of sophistication, research, and, dare I say, talent. These jerks learn to write and even speak like people they know the victim will trust, re-direct legitimate emails and phone numbers away from their actual destinations, ask for difficult-to-trace rewards like gift cards or virtual currency, and then vanish into the wind.
By the time the transaction is questioned, it’s too late. Businesses that have cyber insurance (and an unfortunately high number don’t) may file a claim but learn acts stemming from such scams aren’t reached by that policy’s Insuring Agreement/s. Other cyber insurance policies may cite a voluntary parting or similar exclusion designed to remove coverage for crimes in which an insured – even unknowingly – was a participant.
WHAT EVERY COMMERCIAL LINES AGENT SHOULD DO
• First things first – emphasize risk management. Contact cyber and crime insurers for information about risk management/loss mitigation tools designed to assist insureds in avoiding such scams.
• Review the cyber policy to determine if it’s far-reaching enough to cover losses resulting from such scams.
• Ask the cyber insurer if an endorsement to cover such scams is available.
• Contact insurers for information regarding the availability of
Commercial Crime coverage forms which may respond to such scams.
• Review the commercial property insurance policy/BOP for information about such scams. Use this policy’s lack of respectable cover to encourage the insured about the importance of additional coverage. and/or fraudulent impersonation scams is available from an insurer, read it carefully. Such coverage may offer reduced limits and be subject to other conditions. For example, it may only respond if evidence shows advanced approval from another was first obtained before an employee initiated the transfer.
That’s all for now. Until the next round … cheers!
Kevin C Amrhein, CIC, is IA&B‘s education consultant. He works with our CISR and CIC programs, as well as our special topic seminars and live webinars. Catch him at one of our upcoming professional training offerings: IABforME.com/education.
AN HOUR WITH KEVIN
Register for a 1-hour webinar. Member Price: Just $25
Earn CE by attending 1-hour webinars with IA&B Education Consultant Kevin Amrhein, CIC.
COVERAGE CONCERNS FOR SERIOUS STORM EVENTS
OCT. 13 | 11 AM - NOON
MORE COVERAGE CONCERNS FOR SERIOUS STORM EVENTS
OCT. 14 | 9 AM - 10 AM
Register today. IABforME.com/webinars 800-998-9644, option 1
