Regional Update with Brian Phillips | Holiday Season & Cyber Insurance

One of my favorite times of the year is quickly approaching, the beginning of ski season in the West. Winter not only brings everyone together on the ski hill, but it also brings family and friends together for the holidays and winter vacations. It is also a great time to show your appreciation and gratitude to the most important people in your business – your clients, customers, and employees. I would personally like to take this opportunity to thank each of our agents for doing business with us and to wish you a happy holiday season!

The Holidays are also a time of year to stay vigilant against social engineering and other types of financial crime that we face in our industry. Many agents have shared stories of near losses, and unfortunately some have been impacted by wire fraud this year. I thought it was a good time to remind you that not all cyber insurance is created equal. 

The good news is that more and more cyber insurers are starting to tailor to the threats facing the title insurance industry. The bad news is that many title agencies are still obtaining “cyber” insurance by purchasing an endorsement to their general liability or commercial crime policies. Most general liability and commercial crime policies have coverage for “computer fraud” in the main insuring provisions, and several years ago a specific endorsement for “social engineering” started to become available. While these policies are required if you lease office space, they are likely not the best option to provide coverage for the cyber threats facing our industry. 

Due to the nature of email spoofing schemes, which generally result an employee of the insured transmitting payments with knowledge and consent, most courts have found that these policies do no provide coverage. The first major case to find in favor of the Insurer and against coverage was decided in the 5^th Circuit in 2016 in the case of Apache Corp. v Great American Insurance Co., 662 Fed. Appx. 252 (5^th Cir. 2016), which found that coverage was not triggered if an employee of the insured knowingly entered the information, even if the employee relied on information from a spoofed email. In order to find coverage, the fraudster would need to hack into your computer system and enter the payment information directly. 

Even the so called “social engineering” endorsements are so limited in scope, they typically will not cover wire instructions that were fraudulently transmitted to a title agency. That is because these endorsements only provide coverage if the email that was spoofed is designed to look like it came from a “client,” “vendor,” or “internal management.”  In our industry most emails that contain wire instructions come from the realtor or the financial institution, neither of which are a client or a vendor. Take the time to look at your policy now.  If your policy defines “client,” “vendor,” or “internal management” you likely do not have the coverage for “social engineering” fraud that you think you have!   

Most courts that have analyzed these policies have ruled in favor of the insurer and found that the fraud did not trigger coverage or fell within an exclusion. Not a lot has changed since the summary of case law that analyzed in the February 2018 edition of this newsletter. If anything, the Courts have conclusively determined that these policy provisions favor the insurer and not the insured. The insurance industry has taken affirmative steps to eliminate exposure for such claims under general liability and commercial crime policies and endorsements. Due to the increasing risk and sophistication of the criminals, our industry has demanded a new type of insurance product. Stand-alone cyber insurance products are far more likely to provide coverage for the threats facing our industry. 

I would strongly recommend you look beyond your Commercial Crime Policy as a source for Cyber and Social Engineering Fraud. In the past few months, some insurance companies started developing a Holistic Approach to Cyber Crime Risk with a two-layer approach to help mediate the risk. The first layer is to implement the proper IT infrastructure that includes a Secure Email Gateway (SEG), and anti-malware list MS Defender or Proofpoint.  The second layer is to add a stand-alone cyber policy designed for the title insurance industry.  More insurance options are available now than ever before and are much more likely to provide coverage in the event of a social engineering scheme targeted toward our industry. Take your time and shop around for the right coverage for your business! 

Brian Phillips
SVP, Western Region Agency Manager