Insurance Coverage for Social Engineering Crimes – How to Avoid Being Victimized Twice

By Richard Milone on January 1, 2020

Among the fastest growing risks to any business are social engineering attacks, also known as business email compromises, in which a company’s employees are tricked into misrouting funds by an email from a criminal imposter. Most frequently the imposter’s email impersonates either a vendor or an executive of the company itself. Businesses in any sector can fall victim to these schemes. When businesses suffer this type of loss and then are denied insurance coverage, the denial frequently comes as a surprise, leaving the business owners feeling as if they have been victimized a second time.

Within a two month period in Summer 2018, two significant appellate decisions affirmed lower court rulings finding coverage for business email compromises. Medidata Solutions Inc. v. Federal Insurance Co., 729 Fed. Appx. 117 (2d Cir. 2018); American Tooling Center, Inc. v. Travelers Casualty & Surety Co., 895 F.3d 455 (6th Cir. 2018). These two decisions signaled a trend in favor of coverage.

Three more recent court decisions, however, illustrate how differences in policy language can produce varied outcomes. These three decisions underscore the importance to businesses of undertaking a proactive review of their insurance programs, with an eye toward this sort of loss, before the policy is purchased.

In Tidewater Holdings, Inc. v. Westchester Fire Insurance Company, 2019 WL 2326818 (W. D. Wash. May 31, 2019), the court held that a corporate indemnity policy covers losses that were incurred when a fake email convinced an employee to change the routing coordinates for payments to a vendor. The policy contained a broad exclusion entitled “Fraudulent Transfer Request,” which barred coverage under most coverage parts for “the intentional misleading of an employee, through misrepresentation of a material fact…”. However, this exclusion was inapplicable to one coverage part, “Supplemental Funds Transfer Coverage,” which expressly provided coverage for “Fraudulent Transfer Requests.” The Court therefore held that coverage applied under that one section of the policy.

In The Childrens Place, Inc. v. Great American Insurance Company, 2019 WL 1857118 (D.N.J. April 25, 2019), the policy lacked the Fraudulent Transfer request exclusion, and therefore the court denied an insurer’s motion to dismiss with respect to a loss based on intercepted and fraudulent emails under the Computer Fraud section in a Crime Protection Policy. However, the New Jersey court granted the insurer’s motion to dismiss with respect to a different section of the policy, its “Forgery or Alteration” coverage, finding that the emails were not sufficiently similar to “checks, drafts, or promissory notes” to fall within the wording of that section. Also, the court found no coverage under the “Fraudulently Induced Transfers” section of the policy, on the grounds that the insured did not take certain precautionary measures that might have prevented the loss, and such measures were conditions precedent to coverage under this section.

More from the Milone Law Firm Blog

Minimizing Litigation Costs by Maximizing the Value of Insurance Coverage

An Article highlighting the key points that in-house counsel should consider to maximize the value of their company’s insurance coverage.

Chambers Practice Area Overview – District of Columbia: Insurance: Policyholder

For insurance matters of national importance, clients often hire Washington, D.C. counsel as insurance law across the USA is heavily influenced by them.

Why Every Company Should Have an Insurance Coverage Lawyer Review its D&O Policy as Part of its Annual Renewal

Director’s & Officer’s (D&O) insurance policies are contracts potentially worth tens of millions of dollars, but during their annual renewal, their wording frequently is given little or no review.

Albert Girod, Member, SSL Services, LLC

“I cannot say enough about his skill, judgment, integrity, and commitment to advancing his clients’ interests.”

Photo of The Willard Office Building by dbking on Flickr, licensed under the Creative Commons Attribution 2.0 Generic license.

Photo of The Willard InterContinental by AgnosticPreachersKid on Wikimedia Commons, licensed under the Creative Commons Attribution-ShareAlike 4.0 International license.