19 June 2017
Hacked off by cyber-crime?
Cyber-crime is on the increase. The recent attack on the NHS caused significant operational difficulties at a national level. This was a malware scam (encrypting data and demanding a ransom - ( bitcoins) to release encrypted data.
Actually cyber-crime has been around for a long time – but the attacks are becoming more prevalent and effective and now pose a real and current threat to business continuity.
We currently act for victims of cyber-crime frauds including a client who suffered two different attacks within a short space of time – Executive Impersonation Fraud and Change of Account Details Fraud – costing the business over £150,000.
There are many different types of cyber-crime, these include the following:-
- Executive Impersonation Fraud – impersonating a senior executive requesting payments to be made to fraudsters.
- Malware – encrypting data on your system and demanding ransom (usually bitcoins) to release the encrypted data.
- Phishing – requesting personal information regarding bank account details.
- Smishing – use of text messages to lure you into conversations.
- Vishing – the telephone version of smishing.
- Pharming – malicious code embedded on your computer enabling your entries to be mirrored on the website of the fraudster.
- Watering holes. A form of social engineering. Group website hiding malware on it e.g. regulatory organisations. This is downloaded by members who then use the website.
- Friday afternoon scams – any of the above perpetrated on a busy Friday afternoon particularly before bank holidays or the summer holidays.
- Advance fee scam – offering a levy to bring funds from offshore accounts in return for a fee.
The difficulty with cyber-crime is this. Once the crime has been perpetrated and discovered, it is likely that the funds have long since disappeared to fraudsters operating abroad in areas like the Eastern block and the payments will probably be irrecoverable from the fraudster at that time. Then the only options for recovery may be your general insurers, any specific cyber-crime insurance, or a claim against the banks for negligence.
Your normal public liability policy may not cover losses caused by cyber-crime, although you should check the position here. You may have taken out specific cyber-crime insurance – and a very high percentage of businesses and professionals are now considering this in earnest. However there may be issues with the cover, and the burden of proof for making claims, and/or relationship between the policy and your existing public liability policy.
Many promise technical support in the aftermath of an attack, rather than compensation for the actual loss. It may be better to take out cyber-crime insurance with the same insurers who provide your public liability or professional negligence insurance to avoid some of these risks.
You can also consider bringing a claim against your bank or financial institutions. As you will have signed the bank's terms and conditions the bank will try to limit both their duty of care and their liability to you.