Imperfect storm of cyber risk, fraud and lawsuits

Here’s a bad day turned into a bad week, month, year for a CEO of a mid-sized company.

The mistake

One of the firm’s best employees, who works in the office of the CEO and in a rush to get things done, signs off and executes a money-wire to a fraudulent vendor on a Friday afternoon. The company was in the middle of building a new headquarters and had a time crunch to get it completed as the lease at their current HQ was ending. The situation was creating a tense environment for all, including the CEO.

How the fraud was structured

Fraudulent information can be used to create a sense of believability

A fraudster, pretending to be a subcontractor for the general contractor (GC) building the new headquarters, sent an urgent email request stating that they were hired to do all the HVAC work for the new building but that they would not start until they got 50% of their costs upfront – a total of $1M. Their email included an email exchange (fraudulent) between the GC and the fraudulent sub-contractor on the issue to increase the believability.

Recognizing the GC’s firm and contact on the email chain as accurate, Bob went ahead and wired $1M to the fraudulent vendor, in part to take the stress off of the CEO. Poof – $1M gone!

Then it turned into ransomware

Adding insult to injury, the fake vendor, after stealing that $1M, audaciously reengages with the firm on Monday morning to say that he has placed malware on the company’s systems that will freeze all systems and demands $100K to remove it.

Once the CEO became aware of the overall scenario, she fired Bob.

Followed by wrongful termination

Bob, while upset at his blunder, is still furious at losing his job. He immediately threatens suit for wrongful termination. In fact, remembering that he had complained to the CFO that the company had not established good protocols for any large financial transactions, he thinks this incident may have been a mask for a retaliation firing.

Then it escalates

Failure to establish good protocols for large financial transactions can lead to retaliation and damage client relationships

Then on Tuesday, after news of the situation spread, and because the company’s services are sold to both the local and state governments, regulators reach out to the CEO to understand what happened.

That same day, a minority investor in the company demands an explanation as to what happened and, after getting a limited response, threatens to sue the company and the CEO and CFO for potential damages to the value of the company.

Is any of this covered?

Sounds dramatic…or does it?! In today’s world of risk convergence, this is not that far-fetched a story. Luckily, there are related insurance coverages that can help be a backstop for the losses incurred in the wake of all this. And they can all be purchased together with leading insurers with specialized offerings, with the counsel and service of specialized brokers guiding the process.

How it breaks down:

  • Crime/Bond insurance – The fraudulent inducement described (aka “social engineering”) can be covered if properly endorsed onto the crime/bond coverage
  • Cyber insurance – The ransomware threat (aka “cyber extortion”) is definite coverage option within a cyber insurance program
  • Employment practices liability (EPL) – Wrongful termination and retaliation are absolutely covered under most EPL policies
  • Directors & officers (D&O) – Suits by minority investors and/or investigations of executives by regulators certainly trigger coverage under the D&O insurance

Talk to your insurance professional at WTW to find out more!


Click here to learn more about comprehensive cybersecurity from Willis Towers Watson.

About Andrew Doherty

Andrew J. Doherty is Willis Towers Watson’s Head of Thought & Product Leadership (TPL) / Middle Market Segmen…
Categories: Cyber Risk, Directors & Officers, Executive Risk, Reinsurance | Tags: , ,

Leave a Reply

Your email address will not be published. Required fields are marked *