July 20, 2017

Amid recent high profile incidents of system hacking & hijacking and holding companies to ransom to get back online, Perry Appleton advises members how to protect their business from these threats with the right insurance cover.

Phishing Scams, Clone Wars and Social Engineering…

Cyber risk is now a major and ever increasing threat to businesses – of all sizes and types; and yet perhaps the most underestimated. System interruption, privacy, and cyber crime events are now felt within all industries.

But what do we mean by cyber risk? What are businesses really exposed to?

The sort of exposures that businesses are facing in a cyber event include first-and third-party damage, business interruption, financial loss, reputational damage and regulatory consequences, including fines. These can be crippling – the potential costs (particularly relating to business interruption) are often grossly underestimated. All businesses should focus on identifying the key assets that could be at risk and any weaknesses in their systems and processes – not forgetting the “human factor”. Employees can and do, often unwittingly, cause large IT security or loss of privacy events.

Cyber risk is continually evolving. “Hidden risks” will no doubt continue to emerge. Third party electronic crimes involving the theft of money and fraud are on the increase – including phishing scams, electronic wire transfer fraud, telephone hacking and social engineering to name a few.

Here are some examples of the sort of claims that occur:

‘Clone wars – taking action against fraudulent activity’.

Despite rigorous procedures, there is always a chance that systems can be bypassed by someone that holds a position of trust. What would happen if your security was compromised and you become the victim of fraud?

In this scenario (a real example), the client is a business that provides UK nationwide distribution and road haulage services.

An employee of the business is accused of having stolen fuel cards from the client which were then cloned and used to pay for a significant amount of fuel.

The client discovered the unauthorised use of the fuel cards, on receipt of the periodic account statements submitted by the fuel card company, which showed unusual usage, and an investigation revealed that cards which had not been issued had been used to purchase fuel.

The original cards were locked in a secure cabinet in the office, where they had always been kept. The cards had either not been used or alternatively had been returned by previous employees and were not in use currently.

When the client discovered what had been happening, the client immediately notified the fuel card company and asked them to block the cards, so that further losses would not be incurred.

‘Held to account – Online fraud, its consequences, and how to deal with it.’

Criminals engaged in this type of activity can be sophisticated and very convincing. If they have somehow managed to obtain official information, that appears to be above board, they can end up obtaining access to even the most secure systems. If a fraudulent attack results in the theft of company money, what can be done?

The client is a Haulage company. Without authorisation, a substantial sum was transferred from the client’s bank account to an account held by another bank in the name of a supplier.

The next day, as soon as this was discovered, the client reported the unauthorised transfer to their own bank’s fraud investigation team; and the matter was then reported to the police

The bank’s fraud team immediately initiated a process to recover the funds with the other bank involved. However, it transpired that no funds remained.

During the investigation it was found that the fraudsters had compromised the client’s IT system and had installed malware on it. Through this they were able to convince the employees that they were genuine and subsequently duped them into revealing their passwords.

Because of the circumstances of the case, in line with their own protocol, the client’s bank would not refund the fraudulent loss.

Fortunately, the client held Cyber Crime Insurance, was fully supported by their insurers and was able to recover their losses in full.

Claire Russell/Simon Leech, Perry Appleton Risk Services.

Perry Appleton is behind the development and administration of UKWA’s bespoke insurance solutions; available exclusively for members and specially designed for the logistics and warehousing industry. For further information see here.