Hacked Company Loses Insurance Battle Over Customer Payment Scam
Hacked Company Loses Insurance Battle Over Customer Payment Scam
2
The information on this website is general in nature and does not take into account your objectives, financial situation, or needs. Consider seeking personal advice from a licensed adviser before acting on any information.
A company recently faced a significant setback after losing an insurance claim dispute related to funds stolen in a fraudulent email scheme.
Cybercriminals infiltrated the business's email system, sending out fake invoices that directed clients to pay into a bogus bank account.
Consequently, two customers inadvertently transferred a total of $66,148 to the fraudulent account.
Attempts to retrieve this money were unsuccessful, and the customers refused further payments to the company.
The company, holding a management liability insurance policy, sought to claim under its third-party crime coverage to recover the outstanding bills from the customers. However, AIG Australia denied the claim, stating that the policy only addressed "direct financial loss" from theft or fraud by a third party, and argued that since the stolen money belonged to customers, the business itself did not suffer a direct loss.
The Australian Financial Complaints Authority (AFCA) reviewed the case and acknowledged the company's loss. However, it determined that the loss did not align with the policy's specific terms. The ruling emphasized that only the company's customers faced direct financial loss, whereas the company experienced an indirect one due to subsequent non-payments.
The AFCA explained that the hack did not meet the company's policy definition of theft, as the stolen funds belonged to the customers, not the business. This discrepancy meant that the policy's electronic and computer crime coverage was not applicable. Additionally, the policy's criteria for "fraudulent act," which required acts of forgery or counterfeiting the insured had acted upon, were not met since the company was unaware of the false invoices.
This case highlights the critical distinction between direct and indirect financial losses in insurance claims, emphasizing the importance of understanding policy terms. For businesses, particularly those prone to cyber threats, it underscores the significance of having insurance coverage that appropriately addresses loss scenarios stemming from such events. It also serves as a cautionary tale of the complexities involved in recovering from cybercrime attacks without adequate protection.
Moving forward, businesses should ensure robust cybersecurity measures to prevent similar email hacks, coupled with clarifying insurance policies for adequate coverage against indirect financial losses as a result of customer fraud. This scenario may lead insurance providers to reevaluate their product offerings, potentially driving the development of more comprehensive cybercrime coverages. Additionally, the financial sector might witness increased discussions on how to formulate clearer policy definitions that align with the evolving nature of cyber threats.
Published:Tuesday, 11th Mar 2025 Source: Paige Estritori
Please Note: If this information affects you, seek advice from a licensed professional.
Recent findings from PwC's Insurance Banana Skins Survey indicate that Australian insurers are trailing their global counterparts in preparedness for cyber threats. The survey, which gathered insights from 698 insurance executives across 42 territories, revealed that Australian insurers scored 6.6% lower on the Preparedness Index compared to the global average. - read more
The Australian Securities and Investments Commission (ASIC) has unveiled its enforcement priorities for 2026, placing a significant emphasis on the insurance sector. Key areas of focus include insurance claims handling, pricing transparency, and financial reporting, reflecting ASIC's commitment to addressing both new and ongoing risks within the financial landscape. - read more
The Australian Prudential Regulation Authority (APRA) has released a response paper detailing proposed refinements to the general insurance reinsurance framework. These changes aim to improve insurers' access to alternative reinsurance options, such as catastrophe bonds and insurance-linked securities (ILS), while maintaining prudential standards. - read more
In Australia, tradies are the backbone of many local communities, providing essential services in fields such as construction, plumbing, electrical work, and more. These skilled professionals often operate their own businesses or work as contractors, making financial stability paramount. - read more
Preventing injuries in the workplace is essential for ensuring the safety and well-being of employees. It also plays a critical role in maintaining a productive and efficient working environment. When workers are safe, they are more likely to remain healthy, motivated, and engaged with their tasks. - read more
Public liability insurance is a type of coverage designed to protect you in the event that a member of the public is injured or their property is damaged because of your business activities. It's essential for tradespeople whose everyday work involves interacting with clients and the public—or working in environments where accidents could happen. - read more
Knowledgebase
Peril: A specific risk or cause of loss covered by an insurance policy, such as fire, theft, or flood.
