Cyber coverage is all the rage. As it should be. “It’s not a matter of whether,” say the experts, “it’s when you will be hacked.” And so the market has responded with a plethora of insurance coverage available to protect you when your company gets hacked and when you sustain losses or lawsuits because of it.
But it pays to think through the kinds of losses your company is likely to incur and then determine your best insurance coverage needs. And here’s a need you might not think of – the losses you incur when a scam artist disguises as your customer’s account, tricks you in sending products, and leaves you hanging dry. It happens like this.
You get an email that looks like it’s from a customer ordering your product. You review the customer’s web page and confirm the identity of the email sender on it. You call the customer at the phone number listed in the email and a person by that name confirms the order. You ask for a credit verification report; you receive it. You arrange for shipment at the very address listed on the web page.
The “customer” then calls and asks you to re-route the shipment to a different address. You agree to do so, because customers do this frequently. You then call the person to confirm receipt – no answer. You go to the webpage and call someone else listed. They refer you to the named person, who answers and says, “What shipment?”
Your “customer” was a fraud. Someone faked being a real person, both by email and by return phone. They also sent a fake credit verification report. They had trucks waiting at the re-routed location where they picked up the product and disappeared without a trace. (In my client’s case, the product was put on a plane oversees and then, according to the FBI who investigated it, to distant parts of Eastern Europe.) And of course, the company was never paid.
Your big fat cyber coverage policy will cover things like “targeted hacker attack,” “identity theft,” “system penetration,” and “computer fraud.” And those terms might cover the above scenario. But not with this common policy exclusion: No coverage for “[v]oluntary parting with any property by you if induced to do so by any fraudulent scheme, trick, device or false pretense.” This is often called the “False Pretenses Exclusion.”
So, it doesn’t matter if you are the victim of a cyber coverage event when scammers defrauded you through electronic means. You were induced to part with your product by a “fraudulent scheme, trick, device or false pretense.” No coverage for you – so long as the False Pretense Exclusion is in your policy.
That’s why you have to make sure you don’t have that exclusion in your policy if you’re doing that kind of business. You can ask to have that exclusion removed. That’s why you have to think about the kinds of losses you are susceptible to incurring. And then make sure your policy will cover them.
By David A. Shaneyfelt
David A. Shaneyfelt is an attorney with The Alvarez Firm in Calabasas, California, where he represents companies in disputes with insurance companies. Click here to review Mr. Shaneyfelt’s full bio.