A deceptive business email compromise attack on a third party investment services company has caused an investment firm to suspend its operations. Business email compromise (BEC) is also known as email piracy and social engineering fraud (see our prior posts here, here & here), and is covered by a few Cyber Risk Insurance policies (also called Data Breach, Privacy and Network Security insurance coverage).
In this case, BEC was used to induce the services company to wire large sums to the criminals, likely in China (see here & here). Strong risk management processes might have prevented the scam, and Cyber Risk Insurance, if available to an account like this (difficult in today’s market) may have provided some financial protection.
Based on a lawsuit filed by the investment fund against the services company (see here), it appears that the services company was requested by email to wire money on behalf of the fund. The total amount wired to hackers was $5.9 million in six wire transfers over 21 days.
The lawsuit alleges that the services firm did not follow its own procedures in verifying the wire requests. According to the lawsuit, the service company has a set of procedures in place to prevent fraudulent transfers. As an example, employees “are directed to consider the behavior of its clients and to check all mail recipients in every field of a wire transfer request in order to detect irregularities.” The services company has not commented to date.
Strong procedures and common sense can go a long ways to preventing BEC. As noted here: procedures and policies are great, and they might work too – but only if they're followed.
Cyber Risk Insurance is also an essential coverage for businesses to protect against business email compromise. Organizations of all sizes need financial protection for both criminal attacks and employee error. Coverages vary widely and can be tailored to cover business email compromise as well as costs associated with data breaches, business interruption, and other cyber risk exposures.
Tennant Risk Services is a specialty wholesale broker and underwriting manager, and delivers expertise, markets and exemplary services to our retail insurance agent clients in the placement of professional liability insurance (E&O, D&O, EPL, Cyber). We excel at hard to place accounts.
Specialty Insurance Expertise: Tennant Risk Services
Content © Tennant Risk Services Insurance Agency, LLC, 2005 - 2017 | All Rights Reserved.