THE TALE OF TWO CASES: UNDERSTANDING CYBER LIABILITY

Nick Webster
Risk Manager, City of Winston-Salem
background image

Two recent cases highlight the importance of understanding the nuances of insurance coverages pertaining to cybercrime and liability.

American Tooling Center, Inc. v. Travelers Casualty and Surety Company of America

The U. S. District Court in Ann Arbor, MI ruled that a 2015 incident involving spoofed emails was not covered by American Tooling Center, Inc.’s (ATC) insurance policy with Travelers, which provided coverage for computer fraud. The incident involved an outside party forging an email which appeared to come from a vendor of ATC. The emails instructed ATC to direct payments for outstanding invoices to a new bank account. ATC did not verify the new account information and subsequently transferred approximately $800,000 to a fraudulent account.

ATC filed a claim for the loss with Travelers but was denied. On August 1st, 2017, Judge John Corbett O’Meara found that ATC’s policy with Travelers required a “direct loss…directly caused by the use of any computer.” Judge O’Meara found that ATC’s loss wasn’t directly caused by the use of a computer due to ATC’s failure to verify the authenticity of the new bank account information provided in the spoofed email.

Medidata Solutions, Inc. v. Federal Insurance Co.

In a somewhat similar case, albeit with a different outcome, a U.S. District Court in New York ruled that Medidata’s claim, also involving email spoofing, was covered under an insurance policy that had been acquired through Chubb Ltd. A forged email, which appeared to be from the president of Medidata, was sent to an employee of the company, directing said employee to wire money to a fraudulent account. The employee wired approximately $4.8 million to the account.

Chubb Ltd. initially denied Medidata’s claim, stating that the emails did not involve a manipulation of Medidata’s computers and were instead due to the manipulations of the individual employees involved. However, the U. S. District Court in New York later ruled that the circumstances of the claim fell under the computer fraud language of Medidata’s policy.

These two cases exhibit the importance of fully understanding the specific policy language of your coverages related to cybercrime and liability, as well as the need for sophisticated internal controls governing wire transfers. The fact that an outside entity may use a computer to facilitate a fraud through social engineering techniques, such as email spoofing and phishing, does not guarantee that you will be covered under a computer crime or cyber liability policy. Regardless of your cyber hygiene protocols and barriers against network penetration, your greatest weakness as it pertains to cyber liability will always be the fallibility of your employees, and it is paramount to understand whether that risk is being adequately managed to avoid unplanned retention.

By: Nick Webster
Risk Manager, City of Winston-Salem

Summary of Qualifications

Nick has 12 yearsof experience in risk management and 7 years of experience working as a claims adjuster. He is an ARM candidate, with an anticipated completion date of December 2017. He is also a former contributor to the Winston-Salem Journal and a certified North Carolina company adjuster.

Responsibilities

Nick is the leader of the risk management, employee safety, and workers' compensation programs for an organization with over 2,600 employees. He serves on the board of directors of the Risk Acceptance Management Corporation, a city-owned entity that operates as a captive insurer for the Winston-Salem. He is responsible for obtaining and negotiating insurance policies for the city, including for a property insurance portfolio of over $1 billion in city properties. Nick also serves as an advisor to the city council as well as a contact for local newspaper and television media for risk management-related issues pertaining to the city.

Business Experience

  • Senior Claims Professional with Key Risk (2005-11)
  • Claims Compliance Specialist with Key Risk (2011-16)
  • Risk Manager, City of Winston-Salem (2016-Present)

Professional Affiliations

Nick is a member of both national PRIMA and PRIMA's North Carolina chapter.

Education

  • Appalachian State University, Class of 2005
    Bachelor of Science in Business Administration
  • University of North Carolina, Greensboro, Class of 2014
    Master of Business Administration

Sign Up for Our Education Newsletter

You Might Also Be Interested In