Phishing is a criminal hacker’s favorite sport, and for good reason. It’s a tried and true way to land the big one, over and over again. Whether using a spoofed bank website and stolen email addresses to trick customers into divulging account information, sending email messages purporting to be from a senior company official to deceive employees into providing personal health records, or posing as a trusted vendor and transmitting wire transfer instructions to fraudulently divert funds, hackers are reeling in the catch and making it look easy.
But a well-managed company should have sophisticated safeguards in place. And if these fail, there is insurance coverage, right? The prudent policyholder buys all kinds of insurance: It has up-to-the minute “Cyber” coverage. It has Crime and Fidelity coverage with Computer Fraud riders. It has Professional Liability coverage. And of course it has regular old Commercial General Liability and Property coverage. Surely it’s covered for this type of fraud. Or is it?
While seeming to offer products that respond to the latest risks, insurers often provide limited coverage and seek to exclude the most obvious and inevitable losses. A series of recent cases highlight some of the biggest holes in the insurance safety net.