What can insurers do in the fight against cybercrime?

Digitalisation is both a blessing and a curse. While we all love the simplicity of having products and services a click away, we forget that a simple click relies on complex IT solutions. Like any sophisticated system, these IT solutions are imperfect and have pitfalls that can be exploited by those who don't mind breaking the law. Here we take a real-world case and outline what companies and insurers can do to avoid becoming victims. By Dmitry Pikalov, Senior Specialist at IA Group.
Dmitry Pikalov
Dmitry Pikalov
Senior Specialist, IA Group
25/11/2022

Over the past two decades, we have become dependent on the internet. Unfortunately, without paying sufficient attention to the issue of security, information has been shared without hesitation or an assessment of risks and consequences, making it easy for cybercriminals. 

According to a survey by PWC, cybercrime accounts for over 35% of all the crimes committed against companies and organisations.[1] The World Bank, meanwhile, expects approximately $5.2 trillion in global value to be at risk between 2019 and 2023.[2] Further, Ivana Vojinovic, Editor-in-Chief of DataProt.net, predicts that by 2027 companies will spend $10 billion a year on employee cybersecurity training.[3]

IA Group has first hand experience with the impact of cyber fraud on international trade. While each case is different, there are commonalities. For instance: (i) weaknesses in internal business processes, (ii) vulnerabilities in IT systems, and (iii) human error.

While the first line of responsibility lies with companies and organisations, as a provider of investigation and debt collection services, IA Group understands this must be a joint effort where credit insurers and policyholders work together.

A nasty surprise for the holidays

This is a real world case, after which we’ll share ideas on what credit insurers can do to prevent their clients from being robbed in cyberspace.

Seller Ltd had been trading with Buyer Srl since 2015. Seller Ltd supplied raw materials from China to Buyer Srl based in Italy. Following the General Supply Agreement, monthly shipments with quarterly payments were agreed upon. In addition, Seller Ltd had a credit insurance policy covering each shipment, so Seller Ltd had no problem agreeing to payment after receipt.

Overall, the trade relationship had worked like a well-oiled machine, until Buyer Srl couldn't pay due to the pandemic. Because of the good commercial relationship between the parties, Seller Ltd agreed to continue shipping goods while Buyer Srl agreed to pay Seller Ltd $1,150,000 by December 2020.

Fast forward to November 2020. Ms Maria (purchase manager at Buyer Srl) confirms to Mr Zhang (sales manager at Seller Ltd) that the agreed payment has been scheduled. Maria also mentions that she will be on vacation and that her colleague Mr Alessandro will follow up. 

During Maria's absence, Alessandro receives an email seemingly from Zhang. The email includes Seller Ltd's new bank account in Hong Kong and a request to remit the payment to this account. With accounting's green light, Alessandro hits ‘reply’, confirms that the payment can be made to Hong Kong, and requests a picture of Zhang holding a piece of paper bearing the new account details. This email is sent to zhang@seller.co.cn. 

On the same day the photograph is received, Buyer Srl remits $1,150,000 to the bank account in Hong Kong. Alessandro creates a new email and sends a SWIFT reference to Zhang at zhang@seller.co.cn. The next day, Christmas Day, Zhang emails Alessandro to inform him that Seller Ltd does not have an account in Hong Kong. By then, neither Maria nor Alessandro are in the office. 

Maria and Alessandro had a rough start of the year. By the time they see Zhang's email, the money is long gone. They have been victims of cybercrime.

Both companies conducted investigations and, luckily, Buyer Srl had insurance for losses arising from cybercrime. However, as it was not possible to pinpoint which party was responsible for the breach, the insurance company found that both were equally responsible and agreed to compensate 50% of the loss to Buyer Srl.

What could they have done differently?

While we cannot imagine this happening to us, the reality is that it can happen to anyone. Cybercrime is increasing dramatically, and it is crucial that everyone at all levels in society are aware of the risks. 

Here are some ways in which credit insurance companies can play a crucial role in preventing their clients from becoming victims of cybercrime:

  • Train your clients' employees (and your own if you haven't already done so) about the risks of cybercrime and the simple steps you can take to reduce the risk. For example:
    1. Type email addresses manually for important emails rather than using the "reply" and "reply to all" buttons.
    2. Turn off the autocomplete function for email addresses.
    3. Add a disclaimer to all emails informing the recipient that the sender never announces changes to their bank account details via email.
    4. Stipulate in all commercial contracts that bank accounts details can only be changed by signing an additional agreement or through certain formalities.
    5. Use certified digital signatures instead of (or in addition to) scanned copies of signatures/stamps.
  • Verify that the insured has internal policies or guidelines regarding cybersecurity
  • Request the insured to have internal processes in place, such as:
    Clear communication channels, especially for payments
    Processes outlining what to do during busy periods and holiday seasons.
  • Add clauses regarding cybercrime to the insurance policy.

The takeaway

Evolving as quickly as the internet itself, cybercrime is already affecting millions of businesses around the world. Awareness and secure digital infrastructure are key to stopping and eventually reversing the trend. Credit insurers can play a significant role in making this happen as it's in both their interests as insurers, and in the interests of their clients, too.

  1. https://www.pwc.com/gx/en/forensics/gecsm-2022/pdf/PwC%E2%80%99s-Global-Economic-Crime-and-Fraud-Survey-2022.pdf
  2. https://www.worldbank.org/en/programs/cybersecurity-trust-fund/overview#::text=To%20give%20a%20rough%20idea,%2453%20billion%20in%20economic%20losses.
  3. This compared to the $1 billion spent in 2014. ‘More than 70 Cybercrime Statistics - A $6 Trillion Problem’, Ivana Vojinovic, July 8, 2022 https://dataprot.net/statistics/cybercrime-statistics/

More BUlletin Publications

Celebrating 90 years of supporting trade and investment

26/02/2024

Celebrating 90 years of supporting trade and investment - 1934 - 2024

Reflecting on Berne Union’s origins and celebrating its achievements. What does the future hold?

 

Climate Working Group: The continuing momentum for change

19/09/2023

Climate Working Group: The continuing momentum for change

The Berne Union’s Climate Working Group is proving a helpful forum for sharing good practice. How is it progressing, and how can our industry continue to help with this initiative?

Claims: Controling Chaos, and Risk Versus Reality

29/06/2023

Controling Chaos, and Risk Versus Reality

In this edition we explore BU claims data and its relation to predicting risk since the pandemic, we also feature a broker's eye view of the state of the CPRI market, the bold restructuring of Denmark's investment and export financing with EIFO, how EDC is looking at ESG risks and ...

Landmark modernisation for OECD Arrangement

25/04/2023

Landmark modernisation for OECD Arrangement

A bold agreement for the Arrangement marks a positive development for our industry. Also featuring
digital access to export finance for China SMEs, challenging the 'China debt trap' narrative for Africa,
insolvency trends, analysing service ...

What's on the horizon for 2023?

28/02/2023

What's on the horizon for 2023?

The pick of key issues to look out for in 2023 – from macro trends, potentially choppy seas for smaller ECAs,  possibilities for using Islamic finance in the renewable energy transition, China’s reopening, a bumpy CPRI outlook, and reinsurance complexities. 

Authors look at...

Digitalisation as a business leadership imperative

25/11/2022

Digitalisation as a business leadership imperative

Technology-driven trade and client interaction are nothing new. But increasing investment in digitalisation of fundamental business processes and decision making is driving a new way of looking at trade finance and risk underwriting. Authors highlight successes and challen...

Mobilising Africa's Potential

06/09/2022

Mobilising Africa's Potential

Despite the challenges there are many positive opportunities emerging for Africa today

Curated by the BU Sub-Saharan Africa Working Group, authors for this special edition of the BUlletin explore areas of growth and the role of different sources of international finance tapping this

Ripples and After-effects

22/07/2022

Ripples and After-effects

exploring the multiple secondary impacts of both the pandemic and the war in Ukraine

from sovereign risk in Africa, to energy security, political violence and the private CPRI market

Shocks and Short Circuits: The Rewiring of Global Trade

07/04/2022

Shocks and short-circuits: The re-wiring of global trade

The bright shoots of economic growth are under threat once again
Assailed by commodity supply shocks and political instability exacerbated by the war in Ukraine
Contributors this month look at the complex impacts on trade and investment across developed and...

Diverging Risk

14/01/2022

Some predict that 2022 may finally bring us beyond the thrall of the COVID-19 pandemic

But the events of past two years have brought significant divergence of risk across economic and geographic boundaries

Authors this month look at how this is playing out in a range of cases

New Foundations

29/09/2021

If the global economy is truly on the road to recovery how can we build the surest path to sustainable growth in our new net-zero world?

New foundations in tech, data, and cooperative frameworks may help guide us into the next phase

Illuminating Climate

22/07/2021

Now widely recognised as an economic as well as environmental imperative
The momentum to tackle climate change is building
Changing perspectives, policy, products and processes across the export credit industry

In search of claims

30/04/2021

Where is the avalanche of claims and insolvencies expected to emerge from COVID-19?
The picture so far is uneven across geographies, sectors and business lines
And for the future? Well, it depends...

Cross-roads for Africa's recovery

21/04/2021

The economic impact of the COVID-19 pandemic on Africa has been considerable and the path of recovery depends on maintaining the support of local, regional and international stakeholders. But which approaches can best build upon the opportunities presented by growing intra-regional trade, and investment in sustainable infrastructure?

Navigating the Brave New World of Trade

23/03/2021

With the wounds of the pandemic still under triage, a rebound in trade could the best hope for governments and businesses alike.
But trade is under immense pressure from myriad directions.
How can we maintain supply of finance, in the face of growing demand and irregular patterns of risk?