
Haylor Risk Management Blog

Beware the New Cyber Insurance Trap

Posted by Anto Almasian, AAI on Feb 23, 2024 1:25:57 PM

Understanding "Out-of-Band Verification" Clauses

The landscape of cyber insurance and the terms and conditions offered by providers are shifting. An increasingly common clause raising eyebrows is the "out-of-band verification" requirement. This stipulation, often buried within policy details, can significantly impact your coverage in case of cyberattacks like social engineering and funds transfer fraud.


What is Out-of-Band Verification?

Imagine receiving an email from your CEO requesting an urgent wire transfer. Typically, you might verify the request internally by emailing the CEO back directly. However, the out-of-band verification clause requires confirmation through a method separate from the one the original request arrived on. Often this is a condition of coverage, meaning that if you skip it, you are not covered.

Why do Insurers use it?

Cybercriminals excel at replicating email addresses, logos, and even writing styles. This clause aims to prevent fraudulent transactions authorized based solely on seemingly legitimate digital requests. Insurers believe it adds an extra layer of security by forcing independent verification before releasing funds. Brokers believe it helps insurers protect their bottom lines by putting more responsibility on the policyholder, ultimately lowering their losses.

Beyond Coverage, What are the Potential Problems?

  • Disruption and Delays: Verifying every transaction outside the original communication channel can be cumbersome and delay legitimate business operations.
  • False Positives: Relying solely on out-of-band methods might miss legitimate, urgent requests, especially in fast-paced environments.
  • Lack of Clarity: Policy wording about triggering events and acceptable verification methods might need clarification to avoid confusion, disputes and, ultimately, denial of coverage.


How Can I Help?

  • We Will Read Your Policy Carefully: Understanding the exact wording and requirements of a potential out-of-band verification clause in your specific policy is the least your broker can do if such a clause is included.
  • Negotiate With Carriers For More Favorable Terms: We will work on potential modifications with your insurer, balancing security with operational efficiency with the goal of removing such clauses to reduce your burden.
  • Provide Multiple Alternatives: Increased capacity in the cyber insurance marketplace is temporarily providing stable, if not favorable, pricing. Eventually claims (which continue at a high rate) will balance increased capacity, but looking into alternatives now can save your organization thousands.

Conclusion:

Out-of-band verification can offer additional security against social engineering attacks. However, it also presents challenges when it is a condition of cyber insurance coverage. As a policyholder, it's crucial to understand if you have this clause, its implications, and how to navigate its requirements effectively. By taking a proactive approach and seeking expert guidance from a trusted advisor, you can protect your business and avoid unpleasant surprises.

Anto Almasian, AAI, Risk Management Advisor

M 315-250-0544

 
