Crime Insurance: Insure Your Food & Agriculture Company

Secrets about Crime Insurance

Crime Insurance provides coverage for events not covered by most property or liability insurance policies.

Different Crime Insurance Clauses

There are several ways that businesses could be exposed to crime, both from within the organisation as a result of employee infidelity and from third parties. Crime Insurance provides coverage for events not covered by most property or liability insurance policies:

  • Clause 1 – Employee Infidelity: This clause protects the company from dishonest and fraudulent acts of the employees. This is the major source of all crimes committed against companies worldwide. The clause is very broad and covers almost any crime committed by an employee, whether alone or in collusion with others (both other employees and third parties such as crime gangs) which causes a loss to the company.
  •  Clauses 2 & 3 – Premises and Transit: This is the physical and stock cover for the company and will cover burglary and armed robbery by third parties. It can cover everything from machinery to stock to cash on-premises and has the benefit of covering valuables when in transit as well. Whilst not as effective as a cargo policy, this can provide contingent cover where a third party has a loss, and their insurance does not act.
  • Clauses 4-6 – Forgery and Counterfeiting: These clauses cover the forgery of documents holding a real value and are relied upon by the client for processing cash settlements or disbursement of cash.
  • Clause 7 – Damage due to any of the above clauses: If there is damage to any property as a result of a theft or robbery, then this can be added to the claim. A typical loss here is the destruction of a safe.
  • Additional extension on Computer Crime and Telephonic Crime: This covers the loss to the company by use of a computer or telephone and can have a very broad scope. It is in effect the cover for robbery or theft using a computer rather than a weapon or forced entry. These types of loss are rising due to the less severe penalties for being caught and the fact that they can be carried out remotely, thus lessening the chance of being caught. 

Nature of the Product to be Stolen

As with most businesses, there is a specific risk from the behaviour of employees and some of the causes are listed below. With Agribusiness there is the added threat that they deal in the most stolen goods worldwide accepting cash. There is a simple way of calculating the desirability of products and food that tends to meet all of the definitions to a high degree.

When looking at the product we must consider three themes and if the answer is yes to all three then it is an at-risk product:

  • Desirability – Do people want/need the product?
  • Portability – Is it easy to steal, especially in large volumes?
  • Saleability – Is it easy to sell, would it attract attention to the seller doing s

For example, in Poultry business we can see the following:

  • Desirability – Chicken is the most widely bought meat worldwide and so we can see that there is a demand for chicken products. 
  • Portability – Due to the nature and volume of sales it is surprisingly easy to steal poultry. A faked invoice or paying off the warehousemen or guards on the gates of the processing plant will allow a thief to drive right up to the plant and collect their haul.  
  • Saleability – People want poultry products, and whilst cheap poultry will raise a few eyebrows, it is unlikely that people will turn down the opportunity for cheap food. Selling on a market stall at a food market or arranging with a retailer to buy the products will make this easier, and the police are less likely to question the sale of chicken in this environment. 

So we can see that the products are at real risk, employees working hand in hand with outside groups can cause large losses very quickly here. In the agriculture sector, we have seen numerous large losses worldwide, and usually in basic food such as milk, meat, bread and cereals rather than finished products.

Typical Crime Losses for Food & Agriculture

There are multiple different potential crime losses for Food & Agriculture companies.

  • Addiction Issues  – These individuals start not wanting to be frauds but rapidly turn into a problem for the employee. Typically, they will have a drug, alcohol or gambling issue and will ‘borrow’ money to rectify an immediate situation, always to pay the money back. Usually, the problem spirals out of control and they start taking more and more to fix the problem until they finally realise that they cannot do it and flee. Whilst not the largest losses they can reach some big figures and 1 Mio. EUR is not uncommon, although figures in the hundreds of thousands are more likely.
  • Blackmail   – A member of staff is found in a compromising situation and criminals find out. They use this to force the employee to carry out some tasks to either enable them to access the employer (electronically or physically) or to simply force them to steal themselves. It can be anyone in a company, and losses can be from around 50,000 EUR for a straightforward taking of cash from the safe to millions of Euros from granting access to the computer systems. We see simple ideas such as leaving a door open to targeted blackmail on employees who hold passcodes for payments etc. in this example.
  • Invoice Fraud  – A member of staff who has control of tendering or contracts will conspire with a supplier to inflate invoices. Usually, they will split the difference between the ‘real’ price and the stated price. This will mean that either poor quality services are supplied or overcharged services with reasonable quality are given. This can very quickly add up, and if the staff member is allowed a level of autonomy in this area it can be hard to detect as they will often receive fake quotes to cover the fraud.
  • Delivery Fraud – This often works for hand in hand with either blackmail or general corruption. A gang will find a suitable member of staff who has access to warehouses or other storage facilities and find a way to get them to aid them in their plans. This can be through a simple cut of the profits (Improper Financial Gain) or blackmail. Either way, the staff member will grant them access to the facility through either forged paperwork or being there themselves to open the door. Whole lorry loads of goods can be taken, and losses can mount up quickly. Only when the goods are not paid for, the loss is discovered, which can be some time down the line. Achieving security against this can be difficult as the papers to release the goods will be official and unlikely to be queried at the gate.
  • Bookkeeping Fraud – A simple fraud that involves transfers of money, payments and general accounts of the client. No real sophistication to it – just plain theft. 
  • Social Engineering / Fake Presidents – These are two differing frauds but have the same method at their heart. Both rely on a level of trust either built up over time or gained by electronic means. 

    Social Engineering can take the form of regular phone calls building up a rapport, targeted emails (finding out the hobbies of a member of staff and then sending them links – Spear Phishing), or even working on an out-of-work friendship which then turns into a request for help. All of these come under the Social Engineering banner. Once the trust is established, there will be a request to transfer funds, either for a legitimate-looking reason or for help to the person conducting the fraud. Once the money is transferred, the contact usually ceases immediately.
     Fake Presidents is where a call is made seemingly from the CEO or CFO, usually on a Friday afternoon, requesting an urgent fund transfer. Usually, the reason is that if the transfer does not go ahead, a deal will fall through harming the company. The call will seem to come from the senior staff members but will be the criminals. They can hack phone systems to present the phone number of the person they are impersonating, use email addresses which are one letter different to the person etc. A less sophisticated version is hijacking emails and changing bank details at the last minute, in a deal to the fraudster’s account. 

Conclusion about Crime Insurance in Food & Agriculture

As we can see from the described above cases, “non-tangible damage” (financial) losses, caused by infidelity of employees or third-party criminals, can bring quite a significant gap in the balance sheet of any Food & Agriculture enterprise. On the other hand, such losses are not covered by a standard property damage/business interruption insurance contract. Additional commercial crime insurance policies are recommended. The indemnity limit of 1 million EUR costs starts from 50,000 EUR, as a rule, with the same amount of deductible.

Related Insights

Brian Alexander, GrECo Group Practice Leader Financial Institutions

Brian Alexander

Group Practice Leader Financial Institutions

T +43 5 04 04 342

Shylov Maksym, GrECo Practice Leader Food & Agriculture

Maksym Shylov

Group Practice Leader
Food & Agriculture

T +48 22 39 33 211

Property damage caused by war on land – aspects regarding insurance cover

It is a principle of insurance that due to the potential accumulation of claims there is a general exclusion of damage caused to a risk (buildings, factories, their technical equipment, installations, stocks and other contents) in connection with war and civil war.

In this information and in oncoming postings we will focus on the question what actions of war as we see them currently in Ukraine mean for the existence of insurance coverage and for payments of damages by the insurer. We start with the most important part, considering the values involved, property insurance and property business interruption (BI).

Exclusion and termination of cover

It is a principle of insurance that due to the potential accumulation of claims there is a general exclusion of damage caused to a risk (buildings, factories, their technical equipment, installations, stocks and other contents) in connection with war and civil war. The standard definition of this exclusion is “exclusion of damage caused as direct or indirect consequence of any kind of military action, with or without declaration of war, and all violent actions by states; further caused by civil commotion, uproar, rebellion, revolution, civil war including all military or police or other state measures in connection therewith.”

Standard European insurance wordings do not automatically terminate insurance contracts if the situation described by the exclusion quoted occurs. Quite on the contrary, they state clearly that cover remains in existence, but the insured has to prove that a fire occurred during war time does not have its origin in war or any military action.
There are insurance contracts, however, that terminate cover at the outbreak of war, so it is important to have a look in the standard or written wordings applicable to each individual insurance contract.

Most reinsurance treaties still have the World War clause, saying that the treaty ends in the case of a war between the nations United States, Russia, United Kingdom, France and China. So, the extension of the current conflict into a war between Russia and NATO would most probably trigger this clause. But we are not there, and we can only hope that we never will.

Grey area sabotage, arson and terrorism

War and warlike action, the breakdown of public order may lead to loss events, like damage due to sabotage, arson committed by persons inside and outside a company, acts of terrorism. Here we enter a certain grey area, as far as insurance coverage is concerned. Each claim will obviously be analyzed very carefully whether it is a case of indirect consequence of the war, as defined above, or whether the property damage occurred independently from the conflict situation.

Another point to be considered is that the insured must in fact own the premises insured at the time when the loss occurs. Any change in this ownership, such as seizure or requisition – not insured in property insurance, as this is a political risk – but also abandonment of or being chased from premises will most probably suspend coverage. If the ownership is still existing as a title, but no employees are left on the premises, this means that the control of the risk has been given up and the usual obligations of the insured cannot be fulfilled any longer, which causes serious doubts regarding the validity of cover.

Non-Property Damage Business Interruption

These principles in respect of property insurance apply equally to business interruption. Even if a Non-Property Damage Business Interruption endorsement has been agreed, this follows the basic and general conditions of BI. So, in the case of an enterprise standstill due to the lack of energy supply, cut of ways of communication, disruption of the supply chain, lack of workforce etc. there will always be an evaluation whether these events are due to a situation of war or not.

Although the margin for negotiation is rather small for a broker in this context, GrECo will do the same as in every other loss event, that is to support the interests of our clients in order to reach a fair and just evaluation of the insured’s claim and to obtain wherever possible a correct loss payment from the insurers.

Related Insights

Andreas Krebs

Andreas Krebs

Head of Insurance Mediation Services

T +43 5 0404 229

Buyer’s guide Risk-based purchasing of cyber insurance

New cyber threats are evolving almost every day along with insurance concepts.

However, it is clear that the cyber insurance policies available on the market pursue different objectives: some providers look primarily to cover damage and losses caused by a business interruption resulting from a cyber incident, while others focus on liability cover for a claim based on data breaches. Only focusing on the price of different products can lead to nasty surprises in the event of damage. In addition to the suitable scope of cover and an adequate risk premium, it is also important to choose the right sum insured for cyber insurance.

Before taking out cyber insurance, we recommend that you identify and quantify your own cyber risks within the company and define a strategy for risk management. Our buyer’s guide shows how you can use the GrECo cyber risk assessment to make the best possible decision in terms of cyber insurance.

Step I: Identification of the company cyber risk

The cyber risks of a company, such as cyber attacks, data breaches or IT errors of employees, are diverse. Companies must first of all face the challenge of identifying these risks. Here are some examples of the most significant risks for most businesses: data risk, operational risk, criminality risk and reputational risk.

The most significant cyber risks for companies

Step II. Determining the adequate sum insured

If the company’s cyber risks are identified, we recommend qualifying and quantifying these risks. Cyber risks can also be prevented or at least reduced in most cases by specific risk management, but a residual risk almost always remains. The residual risk of a potential major loss is covered by cyber insurance. Choosing the right sum insured and deductible commensurate with the risk involved can be a challenge. The evaluation approach must be chosen, based on the risk type. The evaluation of the loss potential resulting from data theft follows approaches other than the evaluation of a business interruption following a cyber attack on IT infrastructure and key systems. The insurance market currently has sufficient capacities, even if high sums insured are required as is the case with multinational companies. The specialists of GrECo Risk Engineering are on hand to help you prepare loss potential analyses for cyber risks. Read the article “Identify your risks. Don’t burn your money.”.

Step III. Evaluation of cyber resilience

Cyber resilience is a comprehensive strategy for enhancing the resistance of a company’s IT systems to cyber attacks. International standards such as ISO 27001 or the cyber security framework of the international standardisation authority NIST offer recognised models for establishing, implementing, examining and continuously improving the company’s own cyber resilience.

But it is not appropriate to introduce these standards for all companies. These certifications are often too complex and cost-intensive, especially for SMEs. However, cyber security services such as cyber penetration tests, awareness training courses and cyber scoring reports are available to help SMEs to build up their cyber resilience.
The cyber scoring report allows companies to establish their digital footprint quickly and cost-effectively. Leaked, publicly available company data (e.g. email addresses, passwords, user names, etc.) is searched for during a desktop scan of the internet and darknet. The result of the report shows the company’s digital footprint, from which it can be concluded how the employees move in cyberspace, how visible the company is for cyber attacks (reputation in cyberspace), whether recent attacks can be detected, etc.

Cyber insurance ultimately safeguards corporate assets …
The awareness of the possible loss potential is an essential requirement for the decision on an insurance solution and its characteristics. Cyber resilience safeguards material and immaterial corporate assets and supports the purchase of cyber insurance in terms of quality and price.

As every minute counts with cyber damage, cyber insurance also offers important services such as immediate telephone protection, an IT expert network, and legal and PR support in order to overcome the cyber incident in the best way possible and prevent a negative impact on the company’s reputation. After the crisis has been overcome, cyber insurance takes responsibility for first-party and third-party liability losses.

Related Insights

Stephan Eberlein

Group Practice Leader Financial Lines

T +43 664 962 40 60

Guido Teutsch

Specialist Employee Benefits

T +43 5 04 04 – 247

How hackers work…

Crisis manager Crawford & Company explains

Cyber criminality can take on a number of forms – but one aspect always remains constant: the criminal energy of the attackers!

The hackers’ motivation is to seriously disturb a company’s operations and to gain a financial advantage from the criminal act – with correspondingly negative consequences for the parties concerned. If this scenario occurs, the following are crucial: good preparation and professional and coordinated actions!

Attackers usually gain access to the IT systems of the parties concerned and the sensitive data stored on these systems. In the past, the main focus of the risk assessment was often on the associated data protection and regulatory aspects. These aspects must always be taken into account, as otherwise there is the potential for hefty fines from the supervisory authorities. The recent past shows that authorities are increasingly imposing these types of fines due to data breaches (e.g. in accordance with the GDPR).

Fraudulent emails and encryption Trojans

The usual attack vectors are still often email fraud or attacks with encryption Trojans (ransomware). Over the past 12 months, we have been monitoring the trend towards increasing targeted attacks that are often based on social engineering (e.g. by phishing emails) in conjunction with complex, smart and automated malware (such as e.g. Emotet which is deemed to be one of the most destructive and cost-intensive malwares).

The damage and losses resulting from cyber incidents may take on significant proportions in many cases. In addition to the regulatory aspects mentioned and data protection, the potentially significant damage to the company’s reputation and the financial losses of this company must also be taken into account.
The financial losses incurred are not restricted to the monetary expenditure for restoring data, IT forensic analysis and the evaluation of the attack, and to the costs of involving specialist lawyers and PR consultants. Financial losses that result from the temporary standstill of businesses or even entire corporate groups are increasingly playing a leading role in the risk assessment.

Crisis management with professional help in the event of damage

In addition to preventative measures for defence against and prevention of attacks, acting quickly and professionally in the event of damage or loss is usually the key to best overcoming cyber incidents and reducing the resulting damage and losses. In terms of crisis management, an external crisis manager may coordinate the management processes involved centrally together with the companies involved. With access to a carefully chosen and extensive network of external specialists as a result of framework agreements with IT forensic experts, lawyers and PR consultants, Crawford has the resources to offer active support in the event of damage or loss. Experts experienced in major damage and losses work at Crawford as crisis managers to offer support during the whole process, from the initial analysis and mitigation of the incident to the subsequent damage claims process as part of cyber insurance. This fully integrated crisis and claims management process represents a smooth and efficient solution for the entire cyber insurance claim.

GrECo best practice recommendations for mitigating the damage of a cyber incident

Florian Sättler is Head of Cyber Services, Germany/Austria and works as a Cyber Incident Manager at Crawford & Company (Deutschland) GmbH. The qualified industrial engineer started working as an expert in insurance claims for Crawford Global Technical Services (GTS) in 2014 and investigated various large national and international claims in the commercial and industrial sector. He has been an accredited Crawford GTS Cyber Incident Manager since 2017 and is responsible for crisis management/incident response in the event of cyber incidents, with a focus on Germany, Austria and Switzerland in cooperation with Crawford network partners.
Crawford & Company is the world’s largest listed and independent claims provider and has been helping policyholders and insurers with the solution-oriented processing of claims resulting from cyber criminality since 2014, using the Crawford CyberSolution. Crawford & Company has approximately 9,000 employees globally and has already processed well over 1,000 cyber claims.

Related Insights

Stephan Eberlein

Group Practice Leader Financial Lines

T +43 664 962 40 60

Guido Teutsch

Specialist Employee Benefits

T +43 5 04 04 – 247

Attacks every second

International trend in cyber criminality
A glance across the pond with AXA XL

The prediction that companies are affected by cyber attacks worldwide every 14 seconds was made in 2017. However, the actual intervals were a lot shorter in October 2019. Cyber criminals attempt to gain access to a company’s systems every ten seconds.

If 2019 has proven something, it’s that hackers are becoming a lot more cunning with their methods and their targets. The losses caused by cyber criminality amounted to 2 billion dollars in 2019. Losses of over 5 billion dollars are expected by 2024.

This amount could rise even further, especially as cyber criminals often change their methods of attack. It’s becoming a race against time for companies trying to stay one step ahead of the hackers; a vulnerability must be eliminated while another is already evolving.

However, the most common method used by hackers to gain access is still a well-known one. Phishing through emails or social media actually continues to be at the top of the list. Phishing attacks increased by 65% last year (2018-2019) alone.

However, the knowledge of how hackers get in – and what they target – provides valuable input when it comes to introducing preventative measures.

Let’s analyse the three main trends in cyber criminality which dominated 2019.

1. Ransomware (ransom demand)

The volume and frequency of ransom demands increased in 2019, which indicates that this is the preferred method of attack for many cyber criminals. The reason is that these attacks are easy for hackers to carry out and have a high success rate. They access the system, lock out users and demand a ransom. It’s that easy!

By all accounts, ransomware is expected to continue to grow exponentially as the preferred method used by cyber criminals. The main causes of ransomware (ransom demands) so far have been negligent employees (51%), ineffective virus protection (45%) and outdated or unpatched software or security precautions (26%). Fortunately, these causes can be tackled effectively by most companies:

  • Training employees to recognise and handle fraudulent emails or telephone calls where company information is requested may significantly reduce the risk of employee errors.
  • A clear procedure for reporting suspicious activities should be part of a company’s overall strategy for mitigating risk.
  • IT departments should also perform regular updates of all software and security applications and ensure that the current virus protection programmes are able to respond to new threats as soon as they appear.

2. Focus on public institutions

The numerous high-profile cyber attacks on government institutions help to raise awareness. In May 2019, the city of Baltimore was affected by a ransomware attack for the second time in just 14 months. The attack cost the city over 18 million dollars. The original ransom demand the city did not want to pay amounted to 76,000 dollars.

In order to prevent attacks, public institutions that only have low budgets or no budgets at all for cyber security could still use some of the aforementioned preventative strategies – training employees in how to respond correctly and report attacks, updating systems and applications on a regular basis and ensuring that their virus protection is up-to-date.

3. Biometric data

Facial recognition Scanning of fingerprints Retinal scans Current identification instruments are also a hotbed of exposure from hackers and opposing parties. A logistics company that offers business and administration services for the elderly throughout USA recently violated the Biometric Information Privacy Act (“BIPA”). The company uses a biometric time recording system that requires employees to use their fingerprints as a means of authentication instead of key fobs or identity cards. The employees must scan their fingerprint to be entered in the database. The plaintiff claimed as part of a class action that the company did not observe the BIPA in terms of recording and using fingerprints. However, in this case, an early settlement was reached and the total costs of defence plus the settlement amounted to approximately 600,000 dollars.

Companies should work transparently whenever biometric data is recorded and/or stored. Clear disclosure of the practice and obtaining written approval protect both the company and the owner of the biometric data. Companies should also state how the data is used and stored during a disclosure and consent process.

Keeping hackers at bay

Cyber risks are constantly developing in terms of volume and form. The cyber liabilities are being restructured, from ransom attacks to biometric exposures.

Regardless of whether they are ransom threats or risks caused by the use of biometrics, your company should check systems and guidelines to ensure that system availability and compliance with data protection laws are sufficient. You should also know how your company will respond and what responsibility you assume in the event of a violation or a breach of data protection requirements. AXA AL offers the best possible insurance solutions for these risks for medium-sized to large multinational companies worldwide.

Mag. Verena Schmidt
Underwriter Austria & Central Eastern Europe
International Financial Lines
AXA XL, a division of AXA
T +43 1 50 60 2109

Dennis Bertram
Underwriter Cyber and
International Financial Lines
AXA XL, a division of AXA
T +49 221 16 887 122

Related Insights

Stephan Eberlein

Group Practice Leader Financial Lines

T +43 664 962 40 60

Günter Hubmann

Deputy Competence Center
Manager Liability

T +43 5 0404 219