Insureon Blog

How Your Employees Could Cost You Insurance Coverage

23. September 2015 07:46

You expect a lot from your employees. Namely, you expect their work to help bolster your bottom line, not take away from it. But a new lawsuit shows how an employee's unsuspecting mistake can lead to serious losses.

According to a report by Advisen, three employees of Medidata Solutions, Inc. were targeted in a phishing scam that ended with them inadvertently transferring $4.8 million to a criminal's bank account in China. The report states the impostor's scam was convincing at every turn:

So, the report continues, Medidata did what any company with a Cyber Liability Insurance policy with computer fraud coverage would do: it tried to get that lost money back from the insurer. The provider claims that Medidata's employees handed that cash over voluntarily and that, given the policy's language, coverage doesn't apply. To which Medidata responded, "Here's a lawsuit for you."

It's an interesting turn of events: an obvious fraud being denied coverage because the employees were manipulated rather than the computer system. Sophisticated cyber exploits can quickly get out of hand if you don't train your employees properly.

Risk Management Isn't Just Good for Business – It's Good for Your Coverage

If the Medidata debacle illustrates anything, it's that your business is only as protected as your internal risk management efforts. Even when you have insurance, you need to manage and reduce risk proactively to truly keep your business safe.

As we covered in "Applying for Cyber Insurance? Talk to IT First," your insurance coverage may hinge on whether or not you actually implement the risk management strategies and training that your insurance application claims you do. In that instance, a nonprofit hospital system's application affirmed it encrypted its patients' data, but during a data breach investigation, the provider found the hospital system didn't and challenged its own duty to cover the $4.1 million claim.

So your motivation here is twofold:

  1. You want to manage risks to keep data breaches and phishing schemes from happening in the first place because they can be nightmarishly expensive.
  2. If you put risk management first but still suffer a cyber attack, your provider will have a harder time denying an applicable claim because you upheld your part of the bargain.

Now for the next question: if the risk you need to manage is human behavior, where do you start?

On Keeping Employees from Falling for Phishing Emails

In a spear phishing attack, the con artist poses as an executive or a vendor and tries to get an unsuspecting employee to either give up login credentials or transfer funds to the con artist's bank account. Of course, you don't want to tell employees not to respond to their superiors on the chance a message could be a fraudulent one. At the same time, how are they supposed to tell who is really emailing them when the message has all the hallmarks of an authentic email from the supposed sender?

In the post "23% of Small Business Employees Still Make This Critical Mistake," we discuss some tips for spotting sloppy phishing emails, but to guard against sophisticated attacks, you should...

The Advisen report notes that compromised email scams have racked up almost 2,000 victims and $215 million in losses since 2013, according to the FBI's data. Give your business its best chance to dodge these tricks by staying informed and prioritizing employee training.

To learn about other cons that can cost your business big, read "Small Business Scams Aren't All Online" and "Hello? It's Me. I'm Hacking You."
