In a recent brief filed in the Sixth Circuit, American Tooling Center, Inc. argued that the appellate court should reverse the district court’s decision finding no insurance coverage for $800,000 that American Tooling lost after a fraudster’s email tricked an employee into wiring that amount to the fraudster. As we previously reported here, the district court found the insurance policy did not apply because it concluded that American Tooling did not suffer a “direct loss” that was “directly caused by computer fraud,” as required for coverage under the policy. The district count pointed to “intervening events” like the verification of production milestones, authorization of the transfers, and initiating the transfers without verifying the bank account information and found that those events precluded a “finding of ‘direct’ loss ‘directly caused’ by the use of any computer.”
On Tuesday, the U.S. District Court for the District of New Jersey granted Travelers’ motion to dismiss Posco Daewoo America Corporation’s suit for coverage under the computer fraud provision of its crime insurance policy. Distinguishing itself from precedent like Medidata, Principal Solutions Group, Apache and American Tooling Center, Daewoo did not seek coverage for money fraudulently transferred or stolen from its own accounts. Instead, Daewoo sought coverage for amounts that had been designated for payment to Daewoo by a third party supplier, Allnex, and stolen from Allnex after a criminal impersonated a Daewoo employee. The Court held that the crime policy did not cover the lost sums because Daewoo did not “own” the money stolen from Allnex.
In its third quarter report, insurer Beazley reported a nine-fold increase in social engineering attacks (i.e., deception-based fraud/crime) as compared to the same time last year. So far, the majority of social engineering attacks in 2017 were focused on the professional services sector (18%), followed by financial institutions (9%), higher education (9%) and healthcare (3%). The report also notes continued high rates of unintended disclosure via employee negligence across all sectors (29%), second only to affirmative hacking or malware attacks (34%).