A number of courts have considered the issue of whether fidelity and crime policies with “computer fraud” provisions provide coverage for events in which employees are fraudulently induced to respond to inquiries purporting to be from a valid source, and in response, wire money to a third-party perpetrator. These courts are divided, however, as to whether coverage is available for these types of fraudulently-induced transfers under fidelity and crime policies. The Fifth and Ninth Circuits have both held that typical computer fraud provisions do not extend to losses resulting from this type of fraud. Apache Corp. v. Great Am. Ins. Co., 662 F. App’x 252 (5th Cir. 2016); Pestmaster Servs., Inc. v. Travelers Cas. & Sur. Co. of Am., 656 F. App'x 332 (9th Cir. 2016); Taylor & Lieberman v. Fed. Ins. Co., 681 F. App'x 627 (9th Cir. 2017). Despite this appellate authority, some district judges in other circuits have held that policyholders are, in fact, entitled to coverage under similar circumstances.
A set of recent decisions underscores the uncertainty about whether fidelity and crime insurance policies that provide coverage for “computer fraud” will apply in response to a fraudulently-induced transfer. The cases have similar facts and similar policy provisions, however, the outcomes are different—highlighting the need for policyholders to consider obtaining specialized coverage to avoid potential coverage gaps. In August 2016, a Georgia district court ruled that the computer fraud provision of a company’s commercial crime policy provided coverage for an incident in which an employee wired funds outside of the company after being induced to do so by receipt of an email later determined to be fraudulent. Principle Sols. Grp., LLC v. Ironshore Indem., Inc., No. 1:15-CV-4130-RWS (N.D. Ga. Aug. 30, 2016),and in July 2017, a New York district court likewise ruled that the computer fraud provision of a company’s commercial crime policy provided coverage for an incident in which a perpetrator sent fraudulent emails to company employees, tricking them into wiring money overseas. Medidata Sols., Inc. v. Fed. Ins. Co., No. 15-CV-907 (ALC) (S.D.N.Y. July 21, 2017). Most recently, however, on August 1, 2017, a Michigan district court reached the opposite conclusion, holding that a company was not entitled to coverage under its commercial crime policy for an incident in which perpetrators posing as a vendor used fraudulent emails to induce company employees to wire money to a sham account. Am. Tooling Ctr., Inc. v. Travelers Cas. & Sur. Co. of Am., No. 16-12108, at *1 (E.D. Mich. Aug. 1, 2017).
These cases underscore the growing uncertainty surrounding whether traditional fidelity and crime insurance policies will provide coverage for fraudulently-induced transfers. Until the law develops further, policyholders should evaluate the necessity of separate coverage particular to these types of losses—such as a stand-alone cyber liability policy—or instead attempt to obtain broader coverage in their existing fidelity and crime policies.