The Gap

There is a little-known gap that exists between E&O policies and Cyber liability policies, which in our opinion is a worthwhile talking about.  

E&O Insurance policies trigger coverage for various situations but almost all of them exclude 3rd party funds lost via wire transfer.

Now here is the gap situation… a bad actor contacts the real estate agent masquerading as the title person, closing attorney or someone else involved in the closing, and shares funding instructions for the wire transfer via email, text or voice. The real estate agent forwards these fraudulent funding instructions to their client who compiles with them and now that money is gone. The client sues the real estate agent for instructing them to send their money to the wrong place.  E&O does not coverage it because it is lost funds via wire transfer and cyber does not coverage it because there is no cyber breach of the insureds computer systems that lead to the lost.   

Cyber Liability policies trigger 3rd party liability coverage based on the presence of a cyber breach event that allows bad actors to gain access to valuable information to harm a client of yours. The most common version of this is the famous and all too popular wire transfer fraud email / telephone scam where closing information is stolen and “last minute” instructions to direct funds to a false bank account are emailed to your client as if the email is coming from their real estate agent. If the money is lost this situation is covered in many cyber liability policies.

This exact gap is NOW covered by PBI Group’s policy. If you are interested in a quote contact us today.  

Wire Fraud Situation: Seller is the Victim

Interesting twist on a Wire Fraud situation… this time the seller’s money does not reach the intended location after the closing is complete due to a cyber breach at the real estate agency or title company. This is a little different than normal because most of the situations we’ve seen are where the buyers money is stolen leading up to closing. This time the closing went off without incident but the bad actors tricked the title company into wiring the proceeds of the sale to the wrong sellers bank account.

Digital Property Replacement Coverage

Digital Property Replacement is a subset of the Breach Rectification coverage of the cyber liability policy that PBI Group recommends. This section covers the replacement of software, data and hardware which has been destroyed because of a network breach of your IT systems. A good example is your email system which could be corrupted during a breach and now users no longer have access to their emails. Below are excerpts from the policy and some commentary to help understand what is covered and not covered in this nuanced section.

 “Digital Property Replacement means those reasonable and necessary costs incurred to replace, restore, or re-collect Digital Property from written records or from partially or fully matching electronic data records due to their alteration, corruption or destruction caused by a Network Security Failure. This shall include Network Security Failure Investigation Expenses; however, in the event that the Digital Property cannot be replaced, restored or recollected, Digital Property Replacement shall be limited to the reasonable and necessary costs incurred to reach this determination. “

 Some importantly related definitions to help explain what is included in the above definition of Digital Property Replacement.

 “Digital Property means software and data in electronic form which is stored on the Your Computer System. Digital Property shall include the capacity of the Your Computer System to store information,process information, and broadcast information over the Internet. “

 “Your Computer System means a Computer System that is leased, owned, or operated by You; or operated solely for Your benefit by a third party service provider under written contract with You.”

 “Computer System means computer hardware (including laptops and mobile devices), software, firmware, and the data stored thereon, as well as associated input and output devices, data storage devices, networking equipment and Storage Area Network or other electronic data backup facilities.”

 So, in general, this section of coverage provides protection to restore your computer systems back to their pre-breach state of operations, including the rebuild of the information inside the systems. But there are some exclusions worth noting.

 “Digital Property Replacement does not include:

  1. costs or expenses incurred to update, replace, restore, or otherwise improve Digital Property to a level beyond that which existed prior to the loss event;
  2. costs or expenses incurred to identify or remediate software program errors or vulnerabilities, or
  3. costs to update, restore, replace, upgrade, update, maintain, or improve any Computer System;
  4. costs incurred to research and develop Digital Property, including Trade Secrets;
  5. the economic or market value of Digital Property, including Trade Secrets;
  6. costs or expenses incurred due to ordinary wear and tear or gradual deterioration of Digital Property, including any data processing media; or any other consequential loss or damage.”

Other Exclusions with some additional clarification:

  1. “Solely with respect to Digital Property Replacement coverage, any transmission of unauthorized, corrupting or harmful software code, distributed attacks, viruses, worms or malware which is self-propagating.”

Digital Property Replacement is a 1st party coverage designed to protect the insured. This means that there is no 3rd party coverage for digital property replacement for someone else’s computer systems which maybe damaged by self-propagating/ harmful code from your computer systems. There may be other coverage under the Network Security and Privacy Liability section of the policy if a 3rd party sues but that is not considered digital property replacement.

  1. “Solely with respect to Digital Property Replacement coverage, any operator error, software error, faulty instruction, unintentional programming error, or failure in project planning.”

This means the damaging event must be breach related, not a flaw in your organization. You can’t cause the issue by something you did to your computer systems.

  1. “Solely with respect to Digital Property Replacement coverage, any accounts, bills, evidences of debt, money, valuable papers, records, abstracts, deeds, manuscripts or other documents, except as they have been converted to data processing media form, and then only in that form.”

This means that the policy will not manually re-collect digital data from physical documents which are listed above. For example, if your billing system was breached and is now destroyed but you have a bunch of physical invoices in boxes which were never entered into a system as data, the policy cover will not work through those physical files to enter them into the newly restored accounting system.

*Based on policy information provided by: Victor O. Schinnerer & Company, Inc.