Cyber coverage is an important part of an association’s insurance portfolio. It can protect an association from a loss resulting from a data compromise, cyber extortion, or business interruption.
Any association that stores personal information such as owner addresses, social security numbers, credit card information, or banking information is legally obligated to protect and secure that information. If a breach occurs that requires the association to notify unit owners and cover costs for credit monitoring, cyber liability insurance can cover these costs. It can also provide coverage in the event money is lost to cyber extortion (ransomware), as well as cover costs if operations are interrupted due to a cyber-attack.
One coverage that is frequently lumped in with the concept of cyber coverage is social engineering coverage. “Social engineering” is a term used to describe an attack using human interaction and deception to obtain sensitive information. The distinction from other kinds of fund transfer fraud is that social engineering leads to the voluntary transfer of funds from an association to an attacker rather than fraud arising from the hacking of computer systems or accounts.
For example, an association hires a contractor to make repairs to the roof. The contractor emails an invoice for $45,000 to the association’s management company for payment. Shortly after, an attacker who is impersonating the contractor uses a nearly identical email address and emails the management company an invoice. The new invoice states that payment should be sent to a different account and provides ACH information. Believing the attacker’s email to be from the contractor, the management company sends $45,000 using the provided ACH information. The funds are transferred to the attacker’s account instead of the contractor’s account. A few weeks pass before anyone discovers that the contractor never received the funds.
The insurance industry has seen an increase in claims caused by attackers using this tactic to steal association funds. Twenty years ago, these cases didn’t exist. However, in the last four years we at ABI Insurance have seen a significant increase in this type of crime.
Sometimes associations assume all cyber policies include coverage for lost funds from attacks like this. However, while some cyber policies include coverage for social engineering, not all do. Without a policy that specifically covers social engineering (sometimes called cyber deception or a similar name), there is no insurance coverage for funds lost in this manner. For this reason, it is important to review your association’s policy. Confirm social engineering coverage is included and that the limit is appropriate for the association’s needs.



















