Policy covers theft of data, but does it cover theft of money too?

Brokers and policyholders better check cover inclusions

Policy covers theft of data, but does it cover theft of money too?

Cyber

By Terry Gangcuangco

The very reason policyholders purchase insurance is to cover losses, so it’s important that sufficient protection is in place. If you’re a broker whose clients include school owners, here’s information from Cyber|Decider you might find useful.

According to the comparison website, private school fee payments – which generally cost between £4,000 and £10,000 per term – are being targeted by hackers, no thanks to many schools having poor cyber security.

“In 2017 we saw schools generally become a big target for cyber criminals,” noted Cyber|Decider chief executive Neil Hare-Brown. “Their security is often poor, and their fees administration largely undertaken out of their electronic mailbox which is often hosted online, making it easy to hijack.

“In addition, the parents with whom they communicate generally use webmail, and often from insecure systems. Families and schools are sharing lots of information about payments for fees, trips, and everything else, so these mailboxes hold lots of important personal data such as bank and credit card details, passport images, medical and family information.”

Hare-Brown added that scams operated over the holiday season when schools are closed mean alerts will not be raised quickly, giving attackers time to transfer funds with little chance of recouping them.

“The big problem is ‘who picks up the bill’, especially for the stolen school fees,” he said. “Many schools don’t have cyber insurance, but even those with policies should check them carefully as many cyber insurance policies will not cover the money stolen.

“For instance, several insurers only cover this under a crime policy – the cyber policy will only cover theft of data and not theft of money. Even where the cyber policy does cover theft of the money, there may be a sub-limit or restrictions on cover such as an exclusion for ‘social engineering’ losses (i.e. where parents are tricked into sending the money to a dummy account).”

Cyber|Decider said organisations taking payments, especially schools, should have suitable cyber security measures in place and consider getting protection against theft of money and follow-on crimes.


Related stories:
Cyberattack hits art galleries, says specialty insurer
Ascent tackles computer crime with enhanced product

Keep up with the latest news and events

Join our mailing list, it’s free!