INTRODUCTION:

I have been in insurance long enough to understand that just when you think you have it all figured out….you should look around for the 2X4 that is certainly traveling toward your forehead!   I experienced this feeling last week when I was asked by a colleague if “social engineering attacks,” aka Phishing attacks that dupe unwitting employees to voluntarily transfer money or property to phony bank accounts would be covered under the Computer Fraud or Wire Fraud provisions of a standard Crime policy and or Cyber Liability policy.

My immediate reaction was of course they are covered - If this isn’t covered under Computer Fraud then what would it be covered under? Whack!! In came the 2X4!!!!

Turns out that most crime policies, property and even some cyber liability policies, exclude “losses resulting from your, or anyone acting on your express or implied authority, being induced by a dishonest act to voluntarily part with title to or possession of any property.” This exclusion is called Voluntary Parting of Title to or Possession of Property. It immediately occurred to me to ponder how a person in any way can be construed as “voluntarily” giving something away if the crooks that dupe them are sending out millions of emails that purport to be from someone you know and may even contain references specific to that relationship.

Voluntary Parting is a holdover from the days when criminals were way less sophisticated and Mark Zuckerberg was still in diapers. It was written in a less connected world to prevent claims for humans transferring money out of an account after receiving fraudulent instructions because they were careless or the organization lacked operating procedures sufficient to prevent such occurrences. Now in a connected world where an inappropriate action by any unwitting employee in a company can end up costing the company thousands of dollars, Voluntary Parting is a relic that is going to cost the crime carriers money from lost lawsuits and ill will from denied claims.

CONCLUSION:

In the interest of time, I am not going to go into why I feel that the carriers will ultimately lose a case where a computer fraud crime claim is denied because the victim supposedly voluntarily parted with the money or asset. Suffice it to say that sophisticated technology can fool anyone even the savviest CFO if they are victims of sophisticated Phishing attacks like Cross Scripting or Man in the Middle Attacks. If you are technically inclined and would like to learn more about how these nefarious criminals can use sleight of hand to fool you into believing you are at your normal bank site when in reality - it may look like your real bank site but in fact the crooks are right behind the curtain - take a look at ContentVerifications’s web site to have your eyes opened.           

If you would like to discuss this topic in greater detail please feel free to drop me a note at Stewart.Nelson@kapnick.com or call my direct line at 734-929-6057.