First-party damages: refers to losses directly suffered by the policyholder (or insured) firm in response to a firm’s data breach or other covered cyber event.
Topic: First-Party Cyber Attack
CAMICO policyholder Mary Davis had just signed on to her computer one morning when she received an email from a “potential client” named “Tim,” who was requesting her services. In the email, “Tim” stated that he would pay Mary $7,500 upfront and an additional $300 for processing fees. “The client” asked Mary to invoice him via QuickBooks and so she did. QuickBooks fronted the $7,800 prior to any verification that there were funds in “Tim’s” account to cover the invoice. Four days later, “Tim” sent another email stating that he included an additional $11,000 because he wanted Mary to purchase computers for his daughters and ship them to him. The next day, Mary noticed a credit to her account for $20,000. Later that evening, she received another email from “Tim” saying that he had changed his mind about the computers and asked her to issue him a refund for $11,000 and so she did. “Tim,” (the fraudster) then cancelled the original transaction, causing Mary to lose $11,000 plus the $7,500 that QuickBooks fronted. This is because it turned out that there wasn’t any money in “Tim’s” account to cover the thousands of dollars. Mary contacted the police and her bank to notify them of the fraud and on the same day, she received a notification from Intuit (QuickBooks) that the initial transaction for $20,000 had been charged back. The police came to Mary’s residence and took a report but the damage was done. Mary was now a victim of fraud through her own business and the funds were not recovered.
Select the answer that is the correct response:
1. What kind of cyber attack occurred in this claim?
a. Ransomware
b. Phishing
c. Password attack
2. Was this first-party claim covered by the policyholder’s coverage with CAMICO?
a. Yes
b. No
3. Does CAMICO’s claims department see more first-party or third-party claims?
a. First-party claims
b. Third-party claims
Correct Answers:
1. b. Phishing is a variation of spoofing, which occurs when an attacker attempts to obtain personal or financial information from the victim using fraudulent means, most often by impersonating as another user or organization.
2. b. No. It was not covered because it was financial loss by the policyholder, which is not included in the CyberCPA endorsement, the Accountants Professional Liability policy, a Business Owner’s Policy (BOP) or theft policy. For a higher level of coverage, such as a stand-alone cyber policy, contact CAMICO for more information at 1.800.652.1772.
3. a and b. Both, and this is why: For every first-party claim that is reported, there is the risk of a third-party claim developing due to stolen information. CAMICO’s claims department investigates every claim with both first-party and third-party damages in mind. Third-party damages, if discovered, are handled under the Accountants Professional Liability (APL) policy. Therefore, if a first-party claim is reported, a third-party potential claim is also opened to lock in coverage should third-party damages occur. But in most cases, a third-party claim doesn’t arise because most policyholders become aware of their system being attacked prior to damages being able to occur. Many policyholders have their own IT team who can shut down the system and start a forensic investigation on what was taken and to notify people as soon as possible.
The “Claim Chronicles” are drawn from CAMICO claims files and illustrate some of the dangers and pitfalls in the accounting profession. All names were changed.
