California SB-1159: On 9/17/2020 California enacted SB-1159 which imposes certain reporting requirements on California employers. Effective immediately, California employers are required to report positive COVID-19 tests to their workers compensation claim administrator, whether there is an allegation the COVID-19 exposure is related to work or not. Additional information on California SB-1159 can be found here.

Insurance Industry Evolves with Increasing Exposures and Losses

Topics: Cyber Liability

Who is OurMine?

OurMine is the security group who took credit for the attack. They were quoted saying that their members are “just trying to help the world’s  security” and to remind folks that “no one is safe from hackers.” They also explained that they were able to take control of Netflix’s account by targeting and exploiting a single Netflix employee’s account. Other “victims” of OurMine include Facebook CEO Mark Zuckerberg and Google CEO Sundar Pichal – who had their Pinterest and Quora accounts hacked, respectively. Really, OurMine's attack on Netflix was just a clever marketing campaign.

But for agents, this is both a benign example and a good reminder of how easily even the most tech savvy companies can be duped into handing over their credentials. Netflix only paid for their security “flub” in an unauthorized tweet, but too often, business fall prey to corporate account takeovers and pay the hefty cost via a fraudulent wire transfer – like Choice Escrow and Title LLC’s loss of $440,000.

How Common are Data Breaches?

According to a 2016 FBI public service announcement, there's been a 1,300% increase in losses since 2015 due to Business E-Mail Compromise (BEC), which has cost companies $3.1 billion in losses worldwide. The FBI defines BEC as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds. BEC is the most common means of corporate account takeover.

How Does This Happen?

In order to protect commercial account holders from falling victim to fraudulent wire transfers via BEC, banks implement agreed-upon verification measures to ensure the transfer request is legitimate. Unfortunately, sometimes these measures fall short of guaranteeing sophisticated fraudsters will never slip through the cracks.

This brings rise to situations where the bank has done everything reasonably required of them to protect the account holder. Ultimately, the account holder is held liable for the lost funds. The end result is a client who is financially responsible and looking to the perceived protector of their funds. Even though the bank has done nothing wrong, they are forced with the lose-lose decision of absorbing the loss or losing the customer.

How to Protect Your Clients' Data

Insuring against situations where the bank cannot be held liable for what is essentially their corporate account holder’s fault is problematic. An insurance company has no way of underwriting for every commercial depositor of a bank and the bank cannot risk being uncompetitive in the market by forcing commercial depositors to purchase their own Cyber Liability Insurance. As with Employment Practices Liability in the 1990s and Cyber Liability in the 2000s up to today, the insurance industry is forced to evolve with increasing exposures and losses.

As of publishing, there is only one product in existence that specifically addresses corporate account takeovers from a financial institution’s perspective – AmTrust’s EFT Guard. Agents, check out our short video summary to learn more about this product


Time Zones