Does Your Cyber Policy Cover Funds 'Stolen' During Email Spoofing?

Posted: Updated:
© Ice Miller LLP © Ice Miller LLP

An ongoing dispute involving AIG and one of its insureds is a good reminder that the marketplace for cyber insurance is evolving rapidly as we learn more about the risks connected to online activities. The AIG dispute, which may be resolved in the coming weeks, is noteworthy for reminding us of the serious financial consequences of cyber-crime and the need for companies to understand the scope of their insurance coverage. On the positive side, from an insured’s perspective, the AIG claim is comforting in that it shows defense costs accrued in the underlying lawsuit were covered, even though AIG ultimately disputes the indemnity coverage.

Click here for more information.


On October 7, AIG asked a New York federal court to toss an insured’s lawsuit seeking insurance coverage for $5.9 million stolen by suspected Chinese hackers using spoofed email addresses. AIG argued the cyber policy specifically excluded losses resulting from fraudulent or criminal acts. Four days later, the insured countered, saying the exclusion only applied to losses resulting from its own fraudulent or criminal acts, rather than a hacker’s.

SS&C Technologies, the insured in the case, is a financial technology company that administers accounts for its investment fund clients. In March 2016, Hong Kong-based hackers used spoofed email addresses to pose as an SS&C client requesting fund transfers. Believing the emails came from its client, SS&C transferred over $5.9 million to the scammers’ fraudulent accounts. Shortly after, the client sued SS&C to recover the money transferred.

Throughout the lawsuit against SS&C, its insurer AIG covered the defense costs but denied coverage for any settlement or judgment arising out of the email spoofing attack based on several exclusions in SS&C’s policy. After the lawsuit settled, SS&C sought coverage from AIG for the settlement payment; however, AIG denied coverage and SS&C sued.[1]

Dispute Over Cyber Policy’s Coverage of Spoofing Attacks

The coverage dispute has centered on the policy’s so-called “Fraud Exclusion,” which specifically excludes losses “alleging, arising out of, based upon or attributable to a dishonest, fraudulent, criminal or malicious act, error or omission, or any intentional or knowing violation of the law.” According to AIG, this provision excludes any losses “arising out of” “fraudulent” or “criminal [acts].” In response, SS&C argued the exclusion does not apply when a third-party — such as a hacker — commits the fraudulent or criminal act. Instead, SS&C claimed the exclusion is limited to instances where SS&C engages in fraudulent or criminal acts.


Cyber insurance is quickly evolving as insurers and insureds learn more about risks connected to online activities. In the coming weeks, the New York federal court will rule on this issue. But regardless of how it rules, there are several noteworthy takeaways from this case:

  1. Growing Consequences of Cyber Risks: At the core of this case is the loss of nearly $6 million from a series of spoofed emails. Based on the complaint in the underlying lawsuit, the hackers posed as SS&C client Tillage Commodities Fund with email addresses that spelled “Tillage” as “Tilllage.” Additionally, the hackers used “awkward syntax and grammatical errors, which were wholly inconsistent with prior Tillage communications…” This case highlights the importance of establishing cybersecurity programs and best practices to identify similar spoofing tactics to protect against significant losses.
  2. Know Your Coverage: Cyber insurance policies, like the one at issue here, vary among insurers and provide different coverages for computer fraud. Other policy types, such as commercial crime policies, often contemplate computer fraud coverage that, unlike cyber policies, have been extensively litigated.[2]
  3. Defense Cost Coverage: Like most policies, AIG’s policy covered defense costs for SS&C in certain instances. Of note, AIG paid for SS&C’s defense costs in the underlying lawsuit even though AIG denied coverage for indemnity costs. As is typically the case, defense costs coverage is broader than liability coverage. Insurers might seek to recoup defense costs, but, as an initial matter, many like AIG will cover the cost to defend against a lawsuit.

For guidance on responding to cyber incidents to minimize the risk or litigation and handling such litigation if it occurs, please contact Guillermo ChristensenNick Merker or Christian Robertson. Guillermo, a former CIA intelligence officer and a diplomat with the U.S. Department of State, is a partner in Ice Miller’s Data Security and Privacy and White Collar Defense Practices. Nick Merker is a partner and co-chair of Ice Miller’s Data Security and Privacy Practice Group. Christian is an associate in Ice Miller’s Litigation Practice.  

This publication is intended for general information purposes only and does not and is not intended to constitute legal advice. The reader should consult with legal counsel to determine how laws or decisions discussed herein apply to the reader’s specific circumstances.

[1] ComplaintSS&C Techs. Holdings, Inc. v. AIG Specialty Ins. Co., 19-cv-7859 (S.D. NY Aug. 21, 2019).

[2] See Covering Phishing & Other Social Engineering Attacks: The State of Play in Computer Fraud Insurance

  • Perspectives

    • 5 Things Consumers Should Know About Marketplace Health Insurance

      Open Enrollment is upon consumers again and there are likely questions on what they should do in terms of health care coverage for 2020. Options for coverage can be overwhelming, but consumers can choose a plan that fits them best through education on open enrollment, understanding what’s new in terms of health plans and learning of any changes going into 2020.



Company Name:
Confirm Email:
INside Edge
Morning Briefing
BigWigs & New Gigs
Life Sciences Indiana
Indiana Connections


  • Most Popular Stories

    • An abandoned East Chicago neighborhood is fenced off for safety. (photo ctsy: The Times of Northwest Indiana)

      New Housing Coming to East Chicago

      The Indiana Housing & Community Development Authority has selected a Chicago nonprofit to participate in a new workforce housing program in East Chicago, according to our partners at The Times of Northwest Indiana. The nonprofit organization A Safe Haven Foundation was awarded a $700,000 grant from the IHCDA that will support the new construction of single-family homes in the West Calumet neighborhood. 

    • (photo courtesy Joseph Pete/The Times of Northwest Indiana)

      ArcelorMittal to Idle Furnace at Indiana Harbor West

      ArcelorMittal plans to idle a blast furnace at its Indiana Harbor West in East Chicago. A spokesperson tells our partners at The Times of Northwest Indiana employees will be reassigned and there will be no layoffs as a result of the move. 

    • A New Way of Thinking for Drug Addiction Recovery

      The long war against drug addiction continues to rage, with the opioid crisis representing the latest front of the battle. As with any long fight, our strategy must change as the forces of death and destruction find new ways to attack those most vulnerable. According to the Centers for Disease Control and Prevention, 68% of the 70,200 drug overdose deaths in 2017 involved an opioid – six times higher than in 1999.

    • Graduates from the 1st cohort for manufacturing at Branchville Correctional Facility (photo ctsy: Dept of Corrections)

      Manufacturing Skills Training for Inmates

      The Indiana Department of Correction is trying to help fill voids in the state’s manufacturing workforce by preparing and training low-risk inmates before they are released. Branchville Correctional Facility in downstate Perry County just graduated its first cohort of the Catapult Training Program, following a four-week course in basic manufacturing skills. The facility is classified as a Level II Low Medium Security Correctional Facility. In an interview with...

    • Calumet Specialty Sells Texas Refinery

      Indianapolis-based Calumet Specialty Products Partners (Nasdaq: CLMT) has closed on the sale of its San Antonio,Texas refinery, crude oil terminal and pipeline to Starlight Relativity Acquisition Co. LLC. Starlight agreed to pay $63 million in cash for the plant, property and equipment.