Cyber criminals are using a variety of creative methods to gain access to systems and to steal information and money, and comprehensive Cyber Risk Insurance (also called Data Breach, Privacy and Network Security insurance coverage) provides important financial protection from cyber attacks. A key theme is the creative use of information obtained from a cyber attack on a third party. Here are a few examples:
Criminals have been stealing food because selling hijacked food is easy – “food is the easiest target in an ocean of easy targets.” In one example, criminals appear to have hacked into a trucking company’s systems and then posed as the trucking company to pick up shipments of nuts (see here & here).
Cargo thieves often pose as legitimate companies and bid for shipping contracts on load boards, which are sort of like Craigslist for truckers looking for jobs. A thief hoping to steal almonds might try to find transport jobs in nut-growing regions across the country, especially ones that ask truckers to be well insured or that leave late in the week, to give them a few extra days to get away.
A closing agent received two emails from a client requesting that a check for approximately $300,000 issued at a recent closing be stopped, and that the funds be wired to his account instead. The closing agent refused, saying security procedures prevented any changes in payments via email. So the criminal, pretending to be the client, got on the phone and verified his identity – as the client – using a drivers license and other identifying information, and the closing agent wired the money as requested. The theft became clear when the real client called asking why the funds were not in his account after depositing the check.
Third Party Website Breach
Cyber criminals were having a hard time penetrating an energy firm’s systems, but they noted that many employees utilized a restaurant website for ordering food (see here). They hacked the restaurant’s website in order to plant malware and gain access to the firm's systems – successfully.
Law Firm & Securities
Cyber criminals apparently traded on confidential information stolen from a law firm working on a number of securities transactions (see here & here). By gaining access to a law firm’s system, the criminals were able to view confidential information regarding securities transactions, and trade on information regarding the transactions.
Third Party Services Firm
Almost $6.0 million may have been wired to cyber criminals from an investment commodities firm’s bank accounts by a third party services firm (see here). The combination of email and telephone communications from the criminals convinced the services firm to wire the money in a series of wires over the course of a few weeks. The commodities firm sued the services firm.
Cyber Risk Insurance
In addition to strong IT security, Cyber Risk Insurance can be an important financial protection against hacking attacks – as long as it is comprehensive. Coverages vary widely, but comprehensive Cyber Risk Insurance policy forms are available.
Tennant Risk Services is a specialty wholesale broker and underwriting manager, and delivers expertise, markets and exemplary services to our retail insurance agent clients in the placement of professional liability and specialty insurance (E&O, D&O, EPL, Cyber Risk, Specialty). We excel at hard to place accounts.
Specialty Insurance Expertise: Tennant Risk Services
Content © Tennant Risk Services Insurance Agency, LLC, 2005 - 2017 | All Rights Reserved.