In our first blog, The Escalating Stakes of Cyber Insurance, the $6 million getaway example was a closely watched breach-of-contract lawsuit that a financial technology vendor filed against its insurer. As detailed in CPO Magazine, the vendor was involved in “a major cyber incident in which Chinese hackers managed to dupe the company out of $5.9 million. Spoof emails purporting to come from one of the company’s clients instructed the company to make six wire transfers to an unknown bank account holder in Hong Kong.” The attack employed what cybersecurity experts call a business email compromise (BEC) scam: using email channels to impersonate a trusted party and direct official business.

Following the incident, the vendor filed a claim with its cyber liability insurance provider seeking to recover the funds the bad actors had illegally obtained, but the insurance provider resisted, in short citing an exclusion in its policy for criminal acts. Legal arguments turned on the definitions of loss and theft, on the attacker’s modus operandi, and on how that M.O. compared with the vendor’s internal controls. The litigation continued, with CyberScoop ultimately reporting that a judge in the Southern District of New York ruled the insurer had to cover the stolen funds.

Business email compromise (BEC) scams alone are staggeringly common and effective. It’s one thing if an attacker evades layers of defenses to intrude into your perimeter, but what if they simply impersonate the boss via email or social media instead? How much of companies’ policies, security controls and insurance footing is premised on the former scenario rather than the latter?

These types of cyberattacks can be damaging to any organization and demonstrate the need for digital forensics and incident response (DFIR) services. Learn why you need DFIR for your organization in our latest whitepaper: Why DFIR Is Needed in Partnership with Cyber Insurance.