Ask the Underwriter: Are You Covered for a Data or Security Breach?

"My policy includes the optional cyber liability endorsement. Are there any requirements I need to follow to ensure I have coverage in the event of a data or security breach incident?"

That’s a good question. Your policy includes the optional cyber liability endorsement unless you specifically declined it. This endorsement provides coverage for data or security breaches first discovered and reported during the endorsement period. 

One of the sub-limited coverages under this endorsement is for eCrime which includes fraudulent instructions, funds transfer fraud, and telephone fraud. Specifically, coverage for fraudulent instructions applies when a third party misleads the insured through false written, electronic, or verbal communication, resulting in a fraudulent financial transaction.   

Assuming all other conditions are met, and no exclusion applies, to qualify for coverage under the eCrime provision for fraudulent instructions, the insured must show that they verified the authenticity of the request using a method other than the original communication channel. This process is known as Out-of-Band Communication which we addressed in a previous ‘Ask the Underwriter'.

As a refresher, out-of-band communication involves confirming wiring instructions or changes thereof through a separate channel such as calling a known number, meeting in person, using a secure client portal, or any method distinct from the original (e.g., email or fax). This verification not only helps prevent fraud but is also a condition for coverage under the endorsement.   

If out-of-band communication is not part of your firm’s processes and procedures, it is a procedure you need to adopt today. Check out this ‘Ask the Underwriter’ for some best practices tips.