Wire transfer fraud is on the rise and has become a grave concern for businesses involved in large transactions. Firms who serve as fiduciaries for their investor’s money, such as fund managers and real estate developers, are especially vulnerable to this crime given the potential for financial loss, legal liability, and reputational damage. Cyber insurance has emerged as a protective measure against wire fraud, however, not all insurance contracts are created equal and may leave your financial safety net looking more like Swiss cheese. Below we highlight the potential pitfalls in wire fraud coverage and how organizations can safeguard themselves.
Understanding Wire Transfer Fraud
Wire fraud typically involves fraudulent instructions delivered through social engineering techniques such as phishing. More sophisticated efforts may involve a breach to an organization’s network or communication system.
In 2022, cybercriminals stole approximately $2.7 billion by compromising business email accounts and performing fund transfers, according to an FBI report.
Examples of wire fraud coverage gaps:
Account Compromise
An associate for a fund manager receives an email request from an investor to wire money to their account. After the associate confirms the request with a phone call, they receive a follow up email with new wire instructions. Previously, a hacker had gained access to the fund manager’s network, monitored their email activity, and upon discovery of the investor’s request they sent fraudulent account information. The associate initiates the wire as instructed from the fund to the criminal’s account.
Wire transfer losses from managed and escrow accounts may not be covered. Wire fraud coverage on a cyber policy is typically considered First-Party coverage, meaning it insures against losses to your organization’s money, not losses to property owned by others. If you’re a fund manager or real estate developer wiring investors’ money, for example, then your policy will not respond unless customers’ accounts are specifically covered.
CEO impersonation
A financial advisor’s assistant receives a phone call from her CEO who instructs her to wire money to an outside account. Unbeknownst to the assistant, a cyber-criminal made the call using “deep fake” audio to mimic the CEO. By the time the ruse is discovered, the advisor is unable to recover the wired money.
Telecommunications fraud may be excluded. While wire fraud covers fraudulent instruction through electronic means such as email, coverage may exclude instruction by phone, video or fax.
The Solution
Cyber insurance serves as an effective safeguard by providing time critical resources at the time of an attack and indemnifying you for your losses. To avoid pitfalls in coverage, however, you’ll need to work with an experienced insurance broker who has access to competitive carriers and understands how cyber insurance protects your firm from theft and liability stemming from a fraudulent transfer. A good broker may also recommend a crime or professional liability policy to provide additional layers of protection.
**********
Mathew J. Kryder is an Insurance Advisor at Petschauer Insurance, a division of Patriot Growth Insurance Services. Connect with him on LinkedIn here.
Petschauer Insurance is an independent insurance brokerage with over 60 years’ experience. We specialize in reducing the financial exposures asset managers face and seek to establish a firm relationship of mutual trust and superior service. Representing the country’s leading insurance companies, we access competitive products to help our clients preserve their profitability.