Topics: Cyber Liability
OurMine is the security group that took credit for the attack. They were quoted saying that their members are “just trying to help the world’s security” and to remind folks that “no one is safe from hackers.” They also explained that they were able to take control of Netflix’s account by targeting and exploiting a single Netflix employee’s account. Other “victims” of OurMine include Facebook CEO Mark Zuckerberg and Google CEO Sundar Pichai, who had their Pinterest and Quora accounts hacked, respectively. Really, OurMine's attack on Netflix was just a clever marketing campaign.
According to a 2016 FBI public service announcement, there's been a 1,300% increase in losses since 2015 due to Business E-Mail Compromise (BEC), which has cost companies $3.1 billion in losses worldwide. The FBI defines BEC as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds. BEC is the most common means of corporate account takeover.
In order to protect commercial account holders from falling victim to fraudulent wire transfers via BEC, banks implement agreed-upon verification measures to ensure the transfer request is legitimate. Unfortunately, sometimes these measures fall short of guaranteeing sophisticated fraudsters will never slip through the cracks.
This gives rise to situations where the bank has done everything reasonably required of it to protect the account holder. Ultimately, the account holder is held liable for the lost funds. The end result is a client who is financially responsible and looking to the perceived protector of their funds. Even though the bank has done nothing wrong, it is faced with the lose-lose decision of absorbing the loss or losing the customer.
Insuring against situations where the bank cannot be held liable for what is essentially their corporate account holder’s fault is problematic. An insurance company has no way of underwriting for every commercial depositor of a bank and the bank cannot risk being uncompetitive in the market by forcing commercial depositors to purchase their own Cyber Liability Insurance. As with Employment Practices Liability in the 1990s and Cyber Liability in the 2000s up to today, the insurance industry is forced to evolve with increasing exposures and losses.
As of publishing, there is only one product in existence that specifically addresses corporate account takeovers from a financial institution’s perspective: AmTrust’s EFT Guard. Agents, check out our short video summary to learn more about this product.