With an increasing number of cyber criminals actively targeting small businesses, firms need to be ever vigilant against the threat posed by imposters posing as valued customers.
In this month’s Cyber Blog from MGAM, we look at how the MGAM Cyber Policy could provide support when you need it most.
The Insured, a property development company, make regular, monthly payments to a contractor for on-going projects.
On the day the payments were due, the Insured received an email purportedly from a director at the contracting firm, notifying of a change in bank details. The Insured sought written confirmation of this change and received an emailed letter signed by the director. On receipt of the signed confirmation, the Insured arranged two electronic transfers totalling approximately £450,000.
At a later date, the Insured received an enquiry from the construction company about the progress of the payments. The Insured then realised that the new bank details were fraudulent.
Where is this covered?
Cyber Theft is an insured event under the Insuring Clauses of the MGAM Cyber policy.
The policy will reimburse you for the direct monetary loss you suffer from the incorrect transfer of funds that occurs as a result of unauthorised access to your network or as a result of a social engineering attack against you (such as a phishing e-mail).
What was the outcome of the claim?
An IT vendor was appointed to investigate the incident.
It was discovered that there was no evidence that the Insured’s system was compromised, or any evidence that the system of the contracting firm was corrupted.
The signed letter providing confirmation of the change in bank details was produced from publicly available information taken from the contractor’s website.
The Insured received the full sub-limit of indemnity for social engineering incidents, approximately £100,000.