Live Webinar 11/20: SMB Cyber Survival Guide 2025

Coalition coverage: Can you recover your funds from a fraudulent transfer?

Featured Image for Coalition coverage: Can you recover your funds from a fraudulent transfer?

The last thing you want is to have your business disrupted by a security failure. This series explores Coalition’s coverage and how it can help your organization in the event of a claim. However, insurance coverage can vary depending on different underwriting factors. The following descriptions are intended to provide a generalized summary of coverage offered by Coalition’s cyber insurance policy. You should review your Coalition cyber insurance policy for specific details about your coverage. If you are not a policyholder, you can speak to one of our brokers today for more details.

Cyber criminals are opportunistic, often opting to target businesses based on technology and processes rather than industry. One of the easier methods to monetize cyber crime is funds transfer fraud (FTF), which is often perpetuated through social engineering techniques like phishing or business email compromise. Once criminals have access to your business mailbox, they can manipulate your contacts and modify payment instructions, sometimes without even triggering any security alerts.

Criminals can also send you a change in payment instructions that purports to come from a customer or vendor via a lookalike email domain or by compromising the customer or vendor’s email system. A critical aspect of addressing cyber risks, including the risks associated with email and what to do in an FTF case, is understanding the coverages under your cyber insurance policy.

Coalition’s Most Popular and Comprehensive coverage bundles include several first-party coverages that help remediate a cyber incident. For example, our Funds Transfer Fraud coverage can help replace lost funds, while our Breach Response coverage pays for the costs to respond to a cybersecurity incident, including incident response, customer notification, legal feeds, and advice in connection with the incident.

When email compromise leads to thousands of dollars lost

Generally, an FTF event begins with a phishing email or business email compromise (BEC), followed by social engineering. According to our H1 2021 Claims report, in 2020, 41% of BEC attacks evolved into an FTF incident resulting in the direct loss of funds. The losses can be staggering. Attackers identify their victims, steal their credentials, and log in to their accounts, where they employ several different tactics to gain access to funds.

The average amount of funds stolen increased 179% from the first half of 2020 to 2021, from $116,842 to $326,264. – Claims Report

The cost associated with an FTF event is enough to devastate many businesses. Thankfully, Coalition’s policy reimburses insureds for funds transfer losses incurred arising from a failure in security or social engineering. However, that isn’t all our cyber insurance policy offers to remediate this type of attack. After receiving notification that a policyholder has experienced an FTF event, our claims team will work with law enforcement and the appropriate financial institutions to attempt to claw back the funds. Effective recovery efforts are based on several factors, including the location of the receiving bank and the length of time since the transfer. While we cannot guarantee the successful recovery of funds paid to an attacker, we have a record of success on this front.  For example, our swift response resulted in recovering all but $500 of the $1.3M paid to an attacker by one Coalition policyholder even though the policy had a limit of $500K for FTF losses.  

Cyber crime continues to increase like never before, and while ransomware may be in the limelight, FTF cases are also on the rise. In our H1 2021 Claims Report, Coalition saw a 28% increase in FTF cases. However, we recovered 95% of the lost funds in H1 2021 cases where our claims and incident response teams managed to claw back funds.

Mitigate and react: 48-72 hours to recover from an FTF event

As with most things, Coalition needs your help to solve cyber risk. Policyholders should be vigilant and ask questions before initiating a funds transfer. If you receive a new or change in banking information, call the requestor at their last known phone number and never rely on email alone to confirm the validity of any financial transaction. For international transfers, be sure to double-check the validity of all transfer information before sending any payments. Also, we recommend all organizations turn on multi-factor authentication (MFA) for email as many FTF events start with an attacker accessing your email service. Finally, the moment you notice a wrong payment, reach out to Coalition. Time is of the essence, and we are more likely to recover funds within 48-72 hours of the transfer.

Incident and breach response

Successfully recovering funds may seem like the end of the incident, but companies must also address the underlying cause of the fraudulent transfer. Email is often the initial point of compromise for FTF attacks, and that can involve attackers lying in wait within company mailboxes, sometimes for months at a time. For example, when a Coalition policyholder in education fell victim to an FTF event, Coalition Incident Response (CIR) discovered 82 malicious logins to the Finance Director’s email account spread across four months. Fortunately, CIR was able to remove the attacker’s access and clean up the infected mailbox.

Tip: All policyholders with an issue, please call 24x7 toll-free at +1 833 866 1337 or email claims@coalitioninc.com as soon as you think your business has been the subject of a cyber attack or incident. The sooner, the better.

Coalition pays for the costs to respond to a breach — including incident response, customer notification, legal feeds, and advice in connection with the incident. Coalition is the only cyber insurance provider with a dedicated in-house claims and incident response team. CIR will help remediate the event that allowed the attacker to gain access to your network, conduct forensic analysis, and restore the infected mailboxes.

Protect your business: get insured

Coalition offers comprehensive coverage for the cyber risk exposures facing businesses today. Cyber insurance is a key factor in addressing and mitigating cyber risk. It can help minimize any exposure and impact and quickly facilitate remediation if your business is the target of a cyber incident. If you have questions about our claims process or want to be connected to a broker, feel free to reach out to our team. If you’re a broker interested in offering Coalition cyber insurance to your clients, click here to get appointed.

Additionally, Coalition offers a wealth of resources to help businesses implement good cybersecurity practices. Coalition’s cybersecurity guide outlines the basic tenets of a cybersecurity program — a critical factor in reducing your organization’s cyber risk.