"Hey, it's OurMine, Don't worry! We are just testing your security. Contact us to tell you more about that."
Who is OurMine?
But for agents, this is both a benign example and a good reminder of how easily even the most tech-savvy companies can be duped into handing over their credentials. Netflix only paid for their security “flub” in an unauthorized tweet, but too often, businesses fall prey to corporate account takeovers and pay the hefty cost via a fraudulent wire transfer – like Choice Escrow and Title LLC’s loss of $440,000.
How Common are Data Breaches?
According to a 2016 FBI public service announcement, there's been a 1,300% increase in losses since 2015 due to Business E-Mail Compromise (BEC), which has cost companies $3.1 billion in losses worldwide. The FBI defines BEC as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds. BEC is the most common means of corporate account takeover.
How Does This Happen?
In order to protect commercial account holders from falling victim to fraudulent wire transfers via BEC, banks implement agreed-upon verification measures to ensure the transfer request is legitimate. Unfortunately, sometimes these measures fall short of guaranteeing sophisticated fraudsters will never slip through the cracks.
This gives rise to situations where the bank has done everything reasonably required of it to protect the account holder. Ultimately, the account holder is held liable for the lost funds. The end result is a client who is financially responsible and looking to the perceived protector of their funds. Even though the bank has done nothing wrong, it is faced with the lose-lose decision of absorbing the loss or losing the customer.
How to Protect Your Clients' Data
Insuring against situations where the bank cannot be held liable for what is essentially their corporate account holder’s fault is problematic. An insurance company has no way of underwriting for every commercial depositor of a bank and the bank cannot risk being uncompetitive in the market by forcing commercial depositors to purchase their own Cyber Liability Insurance. As with Employment Practices Liability in the 1990s and Cyber Liability in the 2000s up to today, the insurance industry is forced to evolve with increasing exposures and losses.
As of publishing, there is only one product in existence that specifically addresses corporate account takeovers from a financial institution’s perspective – AmTrust’s EFT Guard.
Editor’s Note: This blog was originally published on June 12, 2017 and has been updated and edited.