<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-PKTWZP7" height="0" width="0" style="display:none;visibility:hidden">

Customer Service 877.528.7878

Insurance Industry Evolves with Increasing Exposures and Losses

 
On December 21, 2016, the social media team at Netflix woke up to see their Twitter account had posted the following tweet:
"Hey, it's OurMine, Don't worry! We are just testing your security. Contact us to tell you more about that."
AmTrust EFT Guard is the only product on the market that addresses corporate account takeovers for financial institutions.

Who is OurMine?

OurMine is the security group who took credit for the attack. They were quoted saying that their members are “just trying to help the world’s  security” and to remind folks that “no one is safe from hackers.” They also explained that they were able to take control of Netflix’s account by targeting and exploiting a single Netflix employee’s account. Other “victims” of OurMine include Facebook CEO Mark Zuckerberg and Google CEO Sundar Pichal – who had their Pinterest and Quora accounts hacked, respectively. Really, OurMine's attack on Netflix was just a clever marketing campaign.

But for agents, this is both a benign example and a good reminder of how easily even the most tech savvy companies can be duped into handing over their credentials. Netflix only paid for their security “flub” in an unauthorized tweet, but too often, business fall prey to corporate account takeovers and pay the hefty cost via a fraudulent wire transfer – like Choice Escrow and Title LLC’s loss of $440,000.

How Common are Data Breaches?

According to a 2016 FBI public service announcement, there's been a 1,300% increase in losses since 2015 due to Business E-Mail Compromise (BEC), which has cost companies $3.1 billion in losses worldwide. The FBI defines BEC as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds. BEC is the most common means of corporate account takeover.

How Does This Happen?

In order to protect commercial account holders from falling victim to fraudulent wire transfers via BEC, banks implement agreed-upon verification measures to ensure the transfer request is legitimate. Unfortunately, sometimes these measures fall short of guaranteeing sophisticated fraudsters will never slip through the cracks.

This brings rise to situations where the bank has done everything reasonably required of them to protect the account holder. Ultimately, the account holder is held liable for the lost funds. The end result is a client who is financially responsible and looking to the perceived protector of their funds. Even though the bank has done nothing wrong, they are forced with the lose-lose decision of absorbing the loss or losing the customer.

How to Protect Your Clients' Data

Insuring against situations where the bank cannot be held liable for what is essentially their corporate account holder’s fault is problematic. An insurance company has no way of underwriting for every commercial depositor of a bank and the bank cannot risk being uncompetitive in the market by forcing commercial depositors to purchase their own Cyber Liability Insurance. As with Employment Practices Liability in the 1990s and Cyber Liability in the 2000s up to today, the insurance industry is forced to evolve with increasing exposures and losses.

As of publishing, there is only one product in existence that specifically addresses corporate account takeovers from a financial institution’s perspective – AmTrust’s EFT Guard. Agents, check out our short video summary to learn more about this product. Not a member of the AmTrust family?

Become an Appointed Agent

 

 

Want to get more policy updates, industry news, and hot tips for growing your agency? Subscribe to our blog below to be the first to know when we publish a new post!

 

Editor’s Note: This blog was originally published on June 12, 2017 and has been updated and edited.

Subscribe today!