WTF! That’s the acronym a cyber insurance expert in California uses to help his clients pay attention to one of the most common cyber-related losses – wire transfer fraud. Ironically, WTF is also what an employee will be thinking after falling prey to wire transfer fraud (also called social engineering or CEO fraud) and then transferring a large amount of money to a cyber crook.
Coverage for wire transfer fraud is “a massive selling point for a quality cyber policy,” according to Patrick Costello, principal at Evolve MGA, a cyber insurance firm based in San Rafael, CA. It’s an exposure that applies to literally anybody with a bank account, and yet, oftentimes insureds assume coverage for wire transfer fraud is not included in their cyber insurance policy because they don’t see it as a cyber risk.
This is one of the “big misconceptions” in the cyber insurance industry that Costello and the team at Evolve MGA are trying to shed some light upon. The firm was set up four-years-ago by brothers Patrick and Michael Costello with one key goal – to provide “more value to insurance brokers than anyone else” in the cyber insurance market. Costello claims Evolve MGA has “the broadest cyber insurance coverage that currently exists,” which is supported by a cyber claims team with over 20-years of experience.
“We work directly with retail insurance brokers every day and I’m confident we can provide more value for those brokers than they’re currently getting from the market,” Costello told Insurance Business. “Many brokers experience pain points around the cyber insurance application process. A lot of large carriers have very detailed, intense, IT-related questions on their applications. It’s not uncommon for these applications to go from five to 10 pages and this deters business owners right off the bat from completing the application, let alone purchasing the cyber policy.
“Beyond that, I think education is a huge hurdle across the retail broker marketplace because cyber forms are evolving every few months. Cyber insurance policies today are made up of a hodgepodge of different coverages, like data breach, first-party hacking, systems failure, business interruption, etc. When you have a policy that’s made up of multiple different triggers, and you have industries with different cyber exposures based on the services they’re performing, it’s very easy to see why an insurance broker could get confused as to what’s a good cyber policy versus a bad cyber policy.”
Evolve MGA’s large team of cyber specialist underwriters work directly with retail brokers to educate them around changing cyber exposures, evolutions in coverage, and industry-specific risks. The firm professes tackling cyber risk with a contemporary outlook, helped hugely by the fact that the majority of Evolve MGA employees are tech-savvy millennials. They’ve grown up utilizing technology and exploring how digital systems work, which means they have great insight into the different risk factors companies face when they rely on technology to run their businesses, Costello explained.
Since 2015, Evolve MGA has been able to double its book of business on an annual basis. The firm currently has eight offices across the US, and it’s looking to maintain its rapid growth with new employees and more premium.
“We fully understand we’re in the relationship business,” said Costello. “When it comes to cyber, insureds need experienced claims teams and coverage that will react in the event of legitimate claims. At Evolve MGA, our entire goal is to provide more value to the brokers we work with than anyone else. That means we need to be available at the drop of a hat to help them understand the risk, pick apart an issue they’re dealing with, and comprehend a complex coverage form that they’re not used to dealing with.
“Unfortunately, a lot of cyber forms in the market include drawbacks and caveats, especially when it comes to first-party coverage. For example, a lot of carriers include warranty statements that require the insured to carry out duel factor authentication before carrying out a wire transfer. If the insured fails to do that on the specific instance that results in a wire transfer fraud claim, the carrier has the ability to deny that claim. A lot of carriers in the marketplace say they offer good coverage and cybersecurity services, but they will deny claims based on those warranty statements. In contrast, we’re looking to offer high-quality coverage that insureds can rely on.”