Can you imagine sending $28,700 to the wrong guy? When a perfect invoice with the correct amount shows up at the right time, it would be hard to know it was from a hacker.
A virus getting in and wrecking our data is a first party loss of digital asset problem, but the virus getting in and infecting somebody else, like one of our customers, is a third party network security liability problem.
We’ve had it happen.
One of our clients was negotiating with one of their customers back and forth by email. Finally, they reached an agreement, asked for an invoice, and within minutes a beautiful invoice showed up. It looked very legitimate with all the routing instructions and the exact dollar amount discussed. Everybody approved the transaction and payment went out.
Except $28,700 went out to the wrong guy. That is a network security liability problem.
Our customer ran into a $28,700 problem because an email was hacked and somebody or some system was laying there in wait until the right language came up. They capitalized on the fact an invoice was sent.
One thing I want to bring up is forensics. We don’t just assume who the guilty party is; there has to be forensics done. A lot of times it’s very expensive, so it’s one of the things that’s now automatically included in cyber coverage. At one time, you had to ask for forensics coverage to be included.
In our case, with this particular story, the hack was our guy and somebody got into his email. That’s the reason we had a liability claim, and that’s why it was covered under his network security liability coverage for the $28,700. The hack was at our guy’s end of the conversation, but his customer is the one who suffered the loss.
But what if the hack had been at the customer’s email? Surprisingly, that’s not a cyber claim at all. That’s a crime problem. Those people were just scammed out of $28,700. The fact that the conversation was listened to or capitalized on because somebody got into their email is a social engineering kind of thing. They were tricked out of the money thinking they were sending it to someone else.
I love telling that story because it has a twist at the end. There’s more than just cyber coverage to be considered when you look at some of these losses.