Confusion Between Cyber & Crime Insurance Puts Businesses at Risk

Mansfield based insurance broker, Cowens, has found an alarming number of businesses continue to confuse crime insurance with cyber insurance, putting them at risk of financial losses to criminals who use internet and telephone lines to obtain money through fraudulent means.

In light of HMRC’s recent warning against fraudsters using email, text and even social media to scam money from unsuspecting taxpayers, it’s never been more important to ensure you have the right policy in place to cover all eventualities.

Many people don’t realise this type of incident is actually covered under a crime insurance policy. It covers real money rather than a cyber policy aimed at losing data and subsequent associated costs. This is where it becomes confusing and an easy mistake to make when the criminals have used cyberspace to facilitate their fraud.

Karl Sutcliffe, Broking Director at Cowens Survival Capability, commented: “Almost all of us have received a scam HMRC ‘tax rebate’ or something similar and businesses are no different. Scam phone calls and emails come through to some businesses on almost a daily basis containing fraudulent invoices, requests for bank details or cheque signing. These operations are well-thought-out and extremely convincing.

“In cases such as the HMRC scams, where actual money is moved from an account, crime insurance is essential. We’ve noticed a surprising number of businesses who believe their cyber policy will fully cover theft of this type, but sadly it isn’t the case. The good news is that a crime insurance policy can be easily added to your commercial programme, and the premiums are tailored to individual risks – we ensure all clients understand the difference in cover and that they have in place exactly what they need as these scams become increasingly widespread and professional.”

Some cyber policies offer a crime extension, but this still may not cover a business for all eventualities. CEO at Cowens, Paul Chaplin, said: “The issue with crime extensions on cyber policies is that the cover is often quite a lot narrower, even in cyberspace. Some extensions only cover pure electronic theft; therefore, if the insured is involved in any way – for example, if they open an attachment or transfer the money to the criminal, there is no cover at all. It’s also essential to remember that a cyber policy will not cover theft by an employee or a face-to-face trick, and a simple crime extension won’t cover the vast majority of standalone crimes. I cannot emphasise enough how important it is to have a competent insurance broker who understands the differences in cover.”

Karl continued: “In cases like the HMRC scams and similar, your employees can be your biggest weakness. I’ve seen a business lose thousands because a scam was sent to a busy employee who wasn’t briefed properly or wasn’t paying attention! Start with communication and strategy; every staff member should receive step-by-step training on what to do if they believe they are at risk and should know who to report any concerns to. Businesses should put a whistle-blowingCrime concept.

procedure in place – your IT Manager must alert your Financial Director of any suspicious activity, for example, and appropriate action is taken.

“Businesses should have a minimum two-step authentication process on all payments and quarterly fraud risk assessments across the whole business. You should work together with your insurance broker and bank to ensure all precautions are in place, as this will ensure your insurer will assist and settle any claims should the worse still happen.

“Finally, remember if something seems too good to be true, it usually is! Always encourage staff to be vigilant, put precautions in place and together with a tailored commercial crime policy, the potential impact on the business will be significantly reduced.”

For more information on putting a crime insurance policy in place for your business or assessing your other insurance requirements, contact Cowens on: info@cowensgroup.co.uk.