The Insured received an invoice, purportedly from a known supplier, requesting payment for an outstanding debt. The Insured transferred $27,000 in accordance with the email instructions. The next week the Insured discovered that the email was fraudulent and payment had been made to a hacker.
As the Insured did not have the optional Social Engineering cover under their policy, they were unable to claim for the direct financial loss suffered as a result of making the fraudulent payment. The Insured was able to claim for remediation costs in relation to the attack, given there was a threatened Network Security Event.