Back in July 2017 we posted a blog about a protocol to minimize the possibility of a social engineering claim (Go here for the posting).
This topic has become of interest to CPAs as the number of spoofing claims has increased. A recent posting on the KnowBe4 website (go here for the posting) discussed whether a Cybercrime Insurance policy provides coverage for this.
Several professional liability insurers are reviewing this exposure (to fraudulent wire transfer claims) and the reactions have been mixed.
Most insurers have remained silent on the issue. The AICPA program for accountants’ professional liability, CAMICO, GenStar and Navigators have no exclusion or sublimit in the policy, although there may be limitation language in a policy’s fraud exclusion. Some, namely Travelers, CPAGold™ and Hiscox, are working on active coverage affirmations.
However, one insurer has decided to add a specific exclusion for “False Pretenses.”
This policy does not apply to claim(s):
b. Based upon, arising out of or in any way related to, directly or indirectly, any transfer, payment or delivery of funds, money or property, by anyone, which was caused or induced by, trick, artifice or the fraudulent misrepresentation of a material fact including, but not limited to, social engineering, pretexting, phishing, spear phishing or any other confidence trick. (emphasis added)
This means that if a member of your staff is duped into making fraudulent money transfers, under the terms and conditions of this endorsement it’s likely that you have no coverage.
You may have coverage elsewhere, either via a separate cyber policy or a comprehensive crime policy; however, if you secure legal liability coverage via your malpractice insurer and notice a similar provision, you should insist upon its removal.
Late in 2017, an insurance company filed a specific False Pretenses Endorsement with various State departments of insurance (Endorsement #: 915-0168 10 17) stating:
SECTION E - EXCLUSIONS – WHAT THIS POLICY DOES NOT INSURE is amended to include: This policy does not apply to claims based upon, arising out of or in any way related to, directly or indirectly, any transfer, payment or delivery of funds, money or property, by anyone, which was caused or induced by trick, artifice, or the misrepresentation of a fact including, but not limited to, funds transfer fraud, social engineering, computer fraud, pretexting, phishing, spear phishing or any other confidence trick.
Insurers have witnessed a significant increase in Social Engineering Claims, including those related to fraudulent wire transfers, but no major carrier has taken such an aggressively negative position regarding this relatively new and increasingly important threat to insureds.
By contrast, CPAGold™ has designed a new affirmative coverage endorsement that promotes best-practice over coverage limitations. But this will be a subject of a future blog posting.
Check your policy to see if this exclusion has been applied to your coverage. If it has, ask for it to be removed or buy malpractice coverage from an insurer that offers a policy that does NOT make coverage subject to the foregoing exclusions.
Jorgensen & Company are not attorneys and do not offer any form of legal advice. Consult with appropriately qualified local counsel for more assistance. Rickard Jorgensen is President and Chief Underwriting Officer for the CPAGold™ program and may be contacted at (201) 345 2440 or email@example.com.