Hacked Company Loses Insurance Battle Over Customer Payment Scam

2

The company, holding a management liability insurance policy, sought to claim under its third-party crime coverage to recover the outstanding bills from the customers. However, AIG Australia denied the claim, stating that the policy only addressed "direct financial loss" from theft or fraud by a third party, and argued that since the stolen money belonged to customers, the business itself did not suffer a direct loss.

The Australian Financial Complaints Authority (AFCA) reviewed the case and acknowledged the company's loss. However, it determined that the loss did not align with the policy's specific terms. The ruling emphasized that only the company's customers faced direct financial loss, whereas the company experienced an indirect one due to subsequent non-payments.

The AFCA explained that the hack did not meet the company's policy definition of theft, as the stolen funds belonged to the customers, not the business. This discrepancy meant that the policy's electronic and computer crime coverage was not applicable. Additionally, the policy's criteria for "fraudulent act," which required acts of forgery or counterfeiting the insured had acted upon, were not met since the company was unaware of the false invoices.

This case highlights the critical distinction between direct and indirect financial losses in insurance claims, emphasizing the importance of understanding policy terms. For businesses, particularly those prone to cyber threats, it underscores the significance of having insurance coverage that appropriately addresses loss scenarios stemming from such events. It also serves as a cautionary tale of the complexities involved in recovering from cybercrime attacks without adequate protection.

Moving forward, businesses should ensure robust cybersecurity measures to prevent similar email hacks, coupled with clarifying insurance policies for adequate coverage against indirect financial losses as a result of customer fraud. This scenario may lead insurance providers to reevaluate their product offerings, potentially driving the development of more comprehensive cybercrime coverages. Additionally, the financial sector might witness increased discussions on how to formulate clearer policy definitions that align with the evolving nature of cyber threats.

Published:Tuesday, 11th Mar 2025
Source: Paige Estritori

Share this news item:

Insurance News

Clear

Landmark NSW Decision: Dog Walking Costs Covered in Car Crash Injury Claims 03 Jul 2025: Paige Estritori In a groundbreaking decision by the NSW Personal Injury Commission, an insurer has been directed to cover the costs of dog walking services for a car crash victim. The commission ruled that these services classify as domestic assistance under the state’s Motor Accident Injuries Act. This case could pave the way for broader interpretations of 'attendant care services' for claimants. - read more

Extreme Weather Drives $1.8 Billion in First Half Losses for Australian Insurers 03 Jul 2025: Paige Estritori Extreme weather events in Australia have resulted in significant financial impacts for insurers, tallying $1.83 billion in losses during the first half of the year. This comes as insurance companies gear up for further claims linked to ongoing severe weather in New South Wales. - read more

ClearView Names New Underwriting Head Amidst Strategic Changes 30 Jun 2025: Paige Estritori ASX-listed life insurer ClearView has announced the appointment of Peter Tilocca as Head of Underwriting, coinciding with key updates to its underwriting standards and definitions. Tilocca's extensive two-decade career in Australian underwriting includes leadership roles at Zurich, Noble Oak, One Path Life, and RGA Australia. His new role with ClearView commenced on 30 June. - read more