Computer Hacking is a growing risk facing businesses today. We hear about it in the news almost daily.
From an insurance and loss perspective, we have seen one unique trend over the last 6 months. Each scenario has varied slightly from the last, but the fact pattern is essentially the same.
Hackers are penetrating business networks. Once they are in the network, they are able to learn the internal protocol for transferring funds. For example, Company ABC’s protocol for transferring funds is for the controller to request authority from the CFO. The CFO approves and sends the request to the CEO, and in turn the CEO sends an email to the controller approving the funds transfer.
Once the hackers understand the chain of activity, they are doing either of the following:
- The hackers are creating fake emails that look like they were sent by company officers and fraudulently having the funds released from the company.
- They are hacking directly in the company’s email system and sending fraudulent emails to the bank prompting the transfer.
The insurance industry is trying to catch up to the risk, but many carriers do not have products to cover this type of loss. We continue to work with carriers to add this coverage to policies.
We encourage you manage the risk internally by reviewing and renewing your processes and procedures so you can prevent fraudulent emails from triggering a funds transfer.