The first report, from the NYT (see here) and Krebs On Security (see here), involved Golden State Bridge, an engineering and construction company based in California. Criminals obtained online access credentials and succeeded in transferring $125,000 in two ACH’s out of the companies accounts in 2010. Seven other transactions were caught and cancelled. The article makes an important point for small business:
Owners often assume incorrectly that the protection they have on personal bank accounts applies to their business accounts. Many are shocked to learn that most banks do not take responsibility for unauthorized debits from business accounts. Unless the owners have fraud insurance, they must shoulder the losses alone
Golden State Bridge had insurance to cover the loss.
The second report is in the Wall Street Journal ($, see here & here; we normally don't link to subscription-only material). The company, Lifetime Forms & Displays, is a mannequin maker and importer in New York and a perfect target for cyber criminals. It appears that the criminals wired money out of the Company's account in nine transactions of approximately $150,000 each to three US banks and one Chinese bank. Most of the money has been recovered through quick action on the part of the company, but amounts wired to the Chinese bank have not been recovered. The company was likely a prime target for the criminals because it regularly utilized online banking for foreign transactions and periodically maintained significant sums in its accounts.
Cyber theft insurance can be a reasonable and effective investment in an era when ultra-sophisticated cyber thieves increasingly are defeating the security that surrounds many commercial online banking accounts
Cyber Risk Insurance is an important tool in mitigating bank account takeover theft, but coverage provided is not consistent and many policies do not cover the loss of money.
According to a recent Account Takeover Survey (see here), bank account takeover attempts continue to increase, but the percentage of cases where funds were actually transferred was flat from 2010 to 2011 at 32%, which was down from 70% in 2009. Note that part of the challenge with any of these statistics is the level of reporting. It is not known what percentage of security breaches are reported.
Cyber Risk Insurance coverage is not well understood, but there is more than enough information available to educate clients. For example, we have a unique approach to ease the educational challenges for retail agents and brokers, and for their customers. As a wholesale broker, we provide Cyber Risk Insurance to all types organizations through retail insurance agents and brokers.