Let’s first define the difference: Funds Transfer 1st Party coverage for Cyber Liability protects the Insured aka the real estate firm who holds the insurance policy from a loss of their own assets. A popular example is when the Insured suffers a breach, the bad guys get hold of the wiring instruction and submit fraudulent instructions to the bank to wire the insured’s money to themselves. 3rd Party coverage for Cyber Liability protects the Insured when they are sued from a loss experienced by another entity because of something that happened resulting from an unauthorized access to the insured’s computer system or a data breach. A common scenario of this is when a real estate agent’s email is compromised and valuable information is utilized to communicate to an unsuspecting real estate buyer prior to closing and send “new” wiring instructions directing money to the bad guys. Below is the policy language that provides coverage.
1st Party Coverage is explained in the Cyber Crime Endorsement form:
Electronic Transfer Fraud
(aka the bad guys are trying to act like you without your knowledge and instructing the bank to send funds to themselves)
“We will pay for Your loss of Funds resulting directly from a Fraudulent Electronic Instruction directing a Financial Institution to transfer, pay or deliver Funds from Your Account which is discovered during the Policy Period and noticed to Us as set forth in this endorsement. Fraudulent Electronic Instruction means an instruction which purports to have been electronically transmitted, submitted, or approved by You, but which was in fact fraudulently transmitted, submitted or approved by someone else without Your knowledge or consent.”
Deceptive Transfer Fraud
( aka you were tricked into sending your funds to the bad guys)
“We will pay for Your loss of Funds resulting directly from Your having transferred, paid or delivered any Funds from Your Account as the direct result of an intentional misleading of Your employee, through a misrepresentation of a material fact (“Deceptive Transfer”) which is: relied upon by an employee, and sent via a telephone call, email, text, instant message, social media related communication, or any other electronic instruction, including a phishing, spear phishing, social engineering, pretexting, diversion, or other confidence scheme, and, sent by a person purporting to be an employee, customer, client or vendor; and, the authenticity of such transfer request is verified in accordance with Your internal procedures.”
3rd party is explained in the Coverage Section Part 2 of the policy form.
Important terms from this section:
“Data Breach means an Insured’s failure to properly handle, manage, store, destroy or otherwise control Personal Information. Solely with respect to Coverage Part 1(A)(ii) and 1(A)(vi) and Coverage Part 2, Data Breach shall also mean an Insured’s failure to properly handle, manage, store, destroy or otherwise control Third Party Corporate Information. “
“ Damages means compensatory damages, any award of prejudgment or post-judgment interest, and settlements which You become legally obligated to pay on account of any Claim first made against You during the Policy Period or, if elected, the Extended Reporting Period, for a Data Breach or Network Security Failure to which this Policy applies. Damages shall also include Regulatory Fines, a Consumer Redress Fund, and Payment Card Loss.”
Here is an annotated form specimen if you prefer to read from the source.
* Based on policy information provided by: Victor O. Schinnerer & Company, Inc. Every coverage situation is different, and the final outcome depends on the unique facts, law and insurance policy involved. The E&O policy contains reductions, limitations, exclusions and termination provisions that impact coverage for a specific event. Full details of the coverage are contained in the policy