Monday, December 17, 2012

Cyber Liability

Reports in the Wall Street Journal have described accounts of a hackers breaking into over 2,400 different companies’ computers during an 18‐month period. In Oregon a private company experienced on‐line bank fraud. This seems to be the latest method of choice by these hackers. The FBI issued a press release in November 2009 concerning a type of “phishing” attack, or fraudulent means of obtaining personal credentials (bank account and password data, etc), occurring within small and medium businesses, municipal governments and school districts. The scam/phishing attack involves unsuspecting finance persons being lured into installing malicious software. The malicious software hides itself and records everything the person does on their personal/business computer. It records user names and passwords for every kind of transaction, including wires and ACH [Automated Clearing House]. The software will then forward the stolen data along with digital certificate information to the “bad guys” who will promptly use the information to transfer funds out of the organization’s bank account. As of October 2009, theft attempts have reached approximately $100 million.

Most business insurance policies do not cover computer fraud by a third party or the liability arising out of a cyber attack. The good news is the solutions are available. Make sure your crime policy has electronic crime and fraud coverage with appropriate limits. Cyber liability insurance can be added to your program to cover the costs associated with customer notification and recovery of hacked data.

No comments:

Post a Comment