When companies have their bank accounts hacked and cash moved out, they're not insured. FDIC insurance only covers personal accounts—when commercial accounts and trusts are hit by fraud, reimbursement depends on the bank . . . and many banks won't compensate customers. The solution? One small insurance agency in suburban Philadelphia is offering cybertheft insurance for small businesses.
Commercial Deposit Insurance Agency (CDIA) is one of the first American insurers to cover commercial accounts against online attacks. The company insures commercial bank accounts of up to $50,000 against theft caused by online fraud. Founder Marc Kramer told Fast Company that, "If a hacker breaks into a business, nonprofit, or trust account owners' computer and obtains the user name and password for their bank account and sets up false accounts to move the money into, CDIA covers those thefts of funds up to the amount of coverage the owner of the account purchases. It doesn’t matter if it is a wire transfer, online bill payment, or the hackers set up an online bill payment system and moves the money." Their insurance policy generally costs less than $180 a year and is backed by industry giant Argo Group.
While large corporations are generally able to obtain specialty insurance products that prevent them against online fraud, smaller firms don't have that sort of leveraging power. Simple, low-tech methods of digital attack such as fraudulent wire transfers and credit card fraud can cripple small companies without too much trouble. Because the regulations governing both the FDIC and America's banking system were developed before the possibility of digital wire fraud existed, they have trouble keeping up with new forms of Internet-enabled crime.
It's important to note that CDIA isn't the first company to offer cyberattack insurance. Large insurers such as AIG offer cybersecurity insurance. However, Kramer's policies differ in this way: While cyberattack insurers offer protection from liabilities caused by hackers knocking systems offline or files being stolen by intruders, CDIA protects small businesses from their accounts being drained by hackers. Business insurer Chubb offers a similar product; trade publication Law360 also recently published an (unfortunately paywalled) guide to cybersecurity insurance.
According to CDIA, most clients who file claims receive their money back in less than a week. Generally, small businesses whose bank accounts are hit by hackers are worried about coming forward, said Queena Kim of NPR's Marketplace. Online theft is also common for small businesses, even if no one talks about it. The FBI investigated more than 400 cases of digital bank account fraud in 2010 that cost business and nonprofit customers more than $85 million. In the absence of a sympathetic business bank, recovering the money from banks usually requires costly legal cases that operate on dubious ground (in most cases, banks aren't obligated to compensate business customers for online fraud) and require spending a large amount of money on lawyers.
"No one wants to look weak and admit that their computer security systems are vulnerable for fear other cyber thieves will think they are an easy mark and clients won’t trust them with their information. If the CIA, all of the major banks, and the White House can be hacked, why should a small business be ashamed? The best a company can do is make it harder for the thieves to steal their money so that the thief will pick on someone else," Kramer told Fast Company.
CDIA's cybersecurity insurance product is currently available for customers in Pennsylvania, New Jersey, and Delaware.