Cyber risk space is quite new for most and very technical. Many businesses may not have a good grasp of the risk landscape resulting in them purchasing cyber insurance where the policy wording may look to be deceivingly wide. Most common of risks may not be covered. In MSH vs. Axis Insurance [2021] the insured feel victim to email fraud. Question was whether it fell under the definition of ‘computer transfer fraud’ (CTF).
MSH received an email from one of their vendors advising that future payments should be routed to a new bank A/C. Funds totaling $1m were transferred as instructed after being authorized by 3 high level employees of MSH. After being made aware that they had been a victim of cyber fraud, MSH claimed their losses from their insurers under the CTF provision. Claim was denied as funds were not transferred without MSH's knowledge - a key requirement of this provision.
Court agreed with Axis. Although hackers had created a fraudulent channel in MSH’s email system through which they could monitor and alter emails, it did not constitute computer fraud as defined in the policy as hackers did not manipulate any of the systems. The policy also required the insured loss to occur without involvement of the insured’s employees, which was not the case here.
Comments