Skip to content

At The Identity Organisation, we're here to help!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    “Failure to Authenticate” Wire Transaction at the Heart of a Cyber Insurance Appeal Case

    Lawsuits over denied cyber insurance claims provide insight into what you should and shouldn’t expect from your policy – and that actions by your own users may make the difference.

    The recent appeal of the Star Title Partners of Palm Harbor vs. Illinois Union Insurance Co. case initially sounds like a pretty standard story we’ve seen over the last few years. The insured has some form of cyber incident, they put in a claim, the insurance company denies it on a technicality, the insured sues, and the court sides with the insurer.

    In the case of Star Title, the specifics are pretty standard if you’re paying attention to Cyber Fraud attacks: Star Title received an email from someone posing as a Texas mortgage company asking to change the banking details for the upcoming transaction but failed to authenticate the sender. Star Title sent the funds to the fraudster-controlled bank account and lost the funds. The submitted a claim through their cyber insurance policy and were denied.

    What should get the attention of every organization concerned that their cyber insurance won’t cover a loss is found in the answer brief from the Florida Eleventh Circuit Court of Appeals. In it, the presiding judge found that the negligent actions of the employee was a major contributing factor to find for the insurance company.

    Just because your insurance policy says it covers a particular type of cyber incident, there are always particulars in the policy that dictate the circumstance – the perfect storm, if you will – that need to take place perfectly for the policy to kick in.

    The authenticating of a change to an existing financial transaction is a cardinal rule over here. Every organization should be putting any employee with access to company funds or responsibility for financial transactions through Security Awareness Training which, among other things, will educate the employee about scams like these, and how to both verify legitimacy and identify potential fraud – all before a transaction take place.

    Insurance is helpful, but the lesson learned here is take steps to minimize putting your organization in a situation where it’s necessary to use your cyber insurance.


    Request A Demo: Security Awareness Training

    New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top