Business Protection News transcripts

January 2025

Insights on emerging risks

Welcome again to Business Protection News. I’m Kim Donaca Business Protection Solution Specialist with TruStage™ wanting to share some insights on a handful of risks that are causing some alarming losses.

Usually when we talk about emerging risks, we are focused on those that are coming around the corner. They’re not yet here, but you should be prepared.

In this update, I want to share risks that are well-known as we are seeing credit unions get hit with six- and seven-figure losses throughout the country. These well-known risks are related to variations of account takeovers, fraudulent checks clearing members accounts, fraudulent check deposits, ITM fraud, and ATM jackpotting and smash & grabs.

It is important to discuss these as many of these losses — and their frequency and severity — can be significantly minimized with proper controls.

Let’s start with account takeovers. Fraudsters have launched sophisticated social engineering attacks against members to scam them into providing their login credentials, including two-factor authentication passcodes. These losses surged with the Zelle scam and continue at a torrid pace with fraudsters using multiple channels to access member accounts.

Fraudulent checks are a different story. Checks have gone by the wayside, right? Well, not really and especially not for fraudsters. These losses are hitting hard in two-ways:

First, the stolen mail problem has resulted in a significant increase in fraudulent checks clearing members accounts. Fraudsters steal members’ issued checks and alter them or manufacture fraudulent checks using the information from members’ legitimate checks.
Secondly, fraudsters are recruiting money mules to open accounts at credit unions to cash stolen or fraudulent Treasury checks. These fraudsters also open fraudulent business accounts in the name of the payee listed on the stolen Treasury checks. This problem has been well-known and publicly documented in recent years.

Next up is interactive teller machines or ITMs. Designed to deliver efficiency for the credit union members, fraudsters are now using the self-service feature to withdraw funds from members accounts — primarily using counterfeit debit cards. In some cases, credit unions have discovered deep insert skimmers on their ITMs.

The last few risks are related to ATMs — an oldie but a goodie for fraudsters and criminals. There has been a resurgence in both ATM jackpotting — where the fraudsters are installing malware via the ATM top hat, connecting a black box device, or through remote network attacks to dispense significant amounts or all of the cash — and ATM smash and grabs where they are using a blow torch or other forced entry to get into the ATM’s money chest or take the ATM altogether.

While each organization has its own unique risk footprint; risks and losses are rapidly evolving. Unfortunately, bad actors are continually looking for new innovative fraud schemes and many times, deploy age-old schemes with new twists like in these six loss areas.

It is critical that you identify emerging risks by broadening your risk discussions, engaging staff, and asking the tough questions so you can confidently safeguard your credit union. To learn more about emerging risks as you move into 2025 or the significant losses already impacting credit unions nationwide; just reach out to your Business Protection Solution Specialist for additional insights.

TruStage™ Insurance Products offered to financial institutions and their affiliates are underwritten by CUMIS Insurance Society, Inc. or CUMIS Specialty Insurance Company, Inc., members of TruStage Financial Group, Inc. Some coverages may not be available in all states. If a coverage is not available from one of our member companies, CUNA Mutual Insurance Agency, Inc., our insurance producer affiliate, may assist us in placing coverage with other insurance carriers in order to serve our customers’ needs. CUMIS Specialty Insurance Company, Inc., our excess and surplus lines carrier, underwrites coverages that are not available in the admitted market. Corporate Headquarters 5910 Mineral Point Road, Madison WI 53705 CUP-7502279.1-0125-0227 © TruStage

November 2024

Insights on property protection

Welcome again to Business Protection News. I am Joni Lovingood, Business Protection Solution Specialist with TruStage™ wanting to share some insights on property protection while it is under construction.

The moment construction begins, a property is at risk for damage. Whether it’s fire, theft, vandalism, windstorm, liability, or other risks; there are a lot of reasons why you don’t want to forget to get a builder’s risk insurance policy that covers your structure in progress during its construction, as well as building materials being used.

So, which projects need builder’s risk insurance?

It’s a good idea to obtain coverage on any project where something is under construction. If something could go wrong and jeopardize the successful completion of the project or require your credit union to take a financial hit, you need a specialized type of property insurance and liability protection.

That means any property owned by the credit union that is undergoing construction, getting improvements, having an addition built, or just getting a facelift through renovations, should consider a comprehensive Builder’s Risk insurance policy — or Course of Construction insurance as some call it — in place. In fact, as soon as you know you will be starting a project, contact us with the known start and anticipated completion dates.

When coverage is placed, you can feel more confident that your project is covered* from the time construction commences until it is completed and ready for use or occupancy — at which time, the coverage will terminate.

Understand that each construction project and building situation is unique. In order to find the best coverage option for your credit union, please contact us. One unique situation to consider is when your credit union is a tenant in a building, and you are remodeling the landlord's building with tenant's improvements.

One common misstep is thinking that your credit union’s interests are always covered by your general contractor or builders. But be weary. If they don’t list your credit union as an additional insured, you could be at risk.

To learn more about builder’s risk exposures, insurance protection, what’s covered and what’s not covered, or how to receive an insurance quote; just reach out to your Business Protection Solution Specialist for additional insights.

*Covered only according to the terms and provisions of the policy. Some exclusions may apply. Review your actual policy for specific coverage, terms, conditions, and exclusions.
TruStage™ Insurance Products offered to financial institutions and their affiliates are underwritten by CUMIS Insurance Society, Inc. or CUMIS Specialty Insurance Company, Inc., members of TruStage Financial Group, Inc. Some coverages may not be available in all states. If a coverage is not available from one of our member companies, CUNA Mutual Insurance Agency, Inc., our insurance producer affiliate, may assist us in placing coverage with other insurance carriers in order to serve our customers’ needs. CUMIS Specialty Insurance Company, Inc., our excess and surplus lines carrier, underwrites coverages that are not available in the admitted market. Corporate Headquarters 5910 Mineral Point Road, Madison WI 53705 CUP-3360903.20-0924-1026 © TruStage

September 2024

Insights on cybersecurity protection

Welcome again to Business Protection News. I am Susan Thompson, Business Protection Solution Specialist with TruStage™ wanting to share some insights on cybersecurity protection.

Cybersecurity is one of the most dynamic risks for organizations to manage. Organizations of all sizes across the globe face a growing number of challenges. Some of these challenges include an increase in third-party vendor incidents, a rise in ransomware attacks, the prospect of litigation, new changes with technologies involving AI, adapting to privacy and regulation requirements, and even a shortage of qualified talent to keep you cyber-secure. The complexity of cyber risks continues to rapidly evolve!

While I could spend significant time discussing all of these risks and how to best manage them, I’d like to briefly touch on two that could have coverage implications — third-party vendor incidents and the prospect of litigation resulting from a breach.

First, the disruption and costs to identify and resolve third-party or nth-party vendor cyber incidents can be staggering. Even if you understand all facets of the relationships, it can leave you in a vulnerable position.

These data incidents can change quickly as experts investigate forensic information, so we recommend to promptly notify your cyber insurance carrier when you receive an indication of any incident, including incidents involving vendors. In fact, notifying your cyber insurance carrier first is recommended. Remember, most policies have notification requirements from date of your knowledge and not meeting the time requirement can also put your protection in jeopardy.

My second point of emphasis is that there are growing indications that litigation — including multi-plaintiff or class action lawsuits coming from data breaches — is gaining momentum. Until recently, most courts held that litigants lacked standing to sue, reasoning that plaintiffs had yet to suffer an injury. Unfortunately, the law in data breach cases is unsettled, and courts are forced to grapple with these emerging issues including the potential of lack of management oversight. Lawsuits may impact multiple insurance policies and is something we want to keep an eye on.

While I wish I could say that cybersecurity is becoming less complex, the uncertainty of what’s next seems to get even harder to predict.

I encourage you to stay on top of what’s around the corner by leaning into your trusted partners, TruStage and Beazley. The online resources, RISK Alerts and expert consultation support are a good way to stay in the know. In addition, my peers and I are also happy to be a critical component of your protection program. Know that you can always reach out to us to further discuss cyber risks and protection issues.

July 2024

The Potential Impacts or Working Remotely or in a Hybrid Work Arrangement

Welcome to the Business Protection News! I am George Teague, Property and Casualty Sales Consultant with TruStage™ sharing information regarding workers compensation claims involving remote workers and what you as an employer and HR needs to know.

About a third of U.S. workers who can work from home now do so all the time, according to the Pew Research Center.¹ As a result of the increased availability and desirability of remote work arrangements, employers must consider potential impacts to their operations and risks that they may not have previously considered. One potential impact relates to workers compensation and employees working remotely or in a hybrid work arrangement.

Are remote/hybrid workers covered by workers compensation insurance? Generally speaking, an employee is included under their employers’ workers compensation insurance if they are injured while working from home so long as they meet their burden of proof that the injury was work-related. Of course, as with all claims, the individual characteristics of each loss scenario must be considered for actual coverage determination. What are the most common work-from-home injuries? While there are several remote work risks related to data security, fraud, internal controls, asset management, and employment practices; the two most frequent workers compensation claims are slips, trips and falls and cumulative trauma/repetitive motion. To reduce cumulative injuries the employer should require or provide ergonomic workstations and to reduce slips, trips and falls the employer should encourage good housekeeping practices, have guidelines on workspace cleanliness, and provide employee training for maintaining a safe work environment.

Unfortunately, poorly adopted flexible work arrangement plans can also lead to increased risks. It is important to have a remote work policies and procedures in place for those employees eligible for remote work. Additionally, a significant challenge is that the remote work environment does not have the same safety standards you have at your workplace. In order to reduce these risks, you should provide these employees with a flexible work arrangements checklist, determine if the environment is suitable for getting the job done without posing any undue risks, and maintain regular communications with them.

Unfortunately, hybrid and remote work employees have their own unique workers compensation risk as standard rules such as coming and going from work becomes more challenging.

Employers and HR personnel must balance the risks and rewards when considering remote and hybrid work options. For more insights on the risks, check out the Flexible work arrangements risk overview and checklist from our risk management team or contact your TruStage P&C Consultant for additional information on your workers compensation needs and concerns.

¹Parker, K. (2023, March 29). Growing share of U.S. workers are working a hybrid schedule. Pew Research Center.

May 2024

Artificial intelligence and potential threats regarding Cyber Liability Coverage

Hello and welcome to the Business Protection News. I am Carlos Molina, Business Solutions Specialist with TruStage™ wanting to share with you information on artificial intelligence, or AI for short, and the potential threat it can pose regarding your Cyber Liability Coverage.

Were you aware that an estimated 3.4 billion spam emails are sent per day?¹ Most credit union employees understand what a phishing attempt is and how it can have disastrous effects on your organization, both reputationally and financially. Fraudsters will go to great lengths to impersonate businesses or individuals to gain their personal identifiable information, such as names, passwords, identification numbers, or even payment code authorizations — all to defraud you.

While most employees are adept at recognizing certain types of phishing, more sophisticated bad actors might use AI and other tools to deceive your internal teams more efficiently and increase the chances of a successful attack.

The telltale signs of a phishing scam typically include generic greetings, unusual formatting, and messages with spelling mistakes and grammatical errors.

Unfortunately, AI technology enables more sophisticated phishing attempts that are not easy to uncover. AI allows bad actors to communicate more clearly, scale their attacks and send messages that appear to be more legitimate than ever.

And, if one suspicious email gets flagged as spam, the use of an AI writing tool can easily make edits and changes to help that fraudster get the next one through.

Bad actors can leverage AI and other tools to carry out various types of fraud and attacks.

To mitigate these risks, you should:

Conduct risk assessments on a regular basis
Educate employees about the risk of phishing and other fraud scams
Provide a means for employees to report suspected threats and attacks
Lean into your trusted providers, TruStage and Beazley, to access their online resources RISK Alerts, and expert consultation

Whether it's minimizing fraud, understanding threats and loss trends or gaining better cyber hygiene practices, taking advantage of these partnerships and their offerings can be a critical component of your cybersecurity program. Reach out to your TruStage Business Solution Specialist for additional information today.

¹Station X, Top Phishing Statistics for 2024: Latest Figures and Trends, 2024

Cyber policies are underwritten by Beazley Insurance Group or other nonaffiliated admitted carriers

TruStage™ Insurance Products offered to financial institutions and their affiliates are underwritten by CUMIS Insurance Society, Inc. or CUMIS Specialty Insurance Company, Inc., members of TruStage Financial Group, Inc.  Some coverages may not be available in all states. If a coverage is not available from one of our member companies, CUNA Mutual Insurance Agency, Inc., our insurance producer affiliate, may assist us in placing coverage with other insurance carriers in order to serve our customers’ needs.  CUMIS Specialty Insurance Company, Inc., our excess and surplus lines carrier, underwrites coverages that are not available in the admitted market. Corporate Headquarters 5910 Mineral Point Road, Madison WI 53705 CUP-3360903.15-1223-0126 © TruStage

March 2024

How employee’s insurance and the credit union’s business auto policy work together

Welcome to the Business Protection Solutions Newsletter. I am Lea Vanden Boom, Property and Casualty Consultant for TruStage™.

Do you ever have employees drive their personal vehicle for credit union business? Have you wondered how insurance would apply in these cases? Driving a personal vehicle on business brings up questions on how the employee’s insurance and the credit union’s business auto policy work together.

Your employee’s personal auto insurance is always going to be primary. In most cases, the employee’s personal auto insurance will be the only protection available for physical damage to the employee’s vehicle. Insurance follows ownership. If there is a loss where liability is triggered, the employee’s personal auto insurance is primary and then the credit union’s business auto and excess liability policies may be available if the limits on the employee’s policy are used up.

Here are a few scenarios to illustrate how personal auto insurance and a business auto policy either work or do not work together.

An employee’s vehicle is damaged while parked in the credit union parking lot. It was a hit and run and the responsible party is not known. The employee would file a claim with their personal auto insurance and the credit union’s business auto policy would not apply.
Your employee runs to the post office to purchase additional stamps for a credit union mailing. They do not pay attention and cause an accident, resulting in a pedestrian having bodily injuries. The pedestrian files a suit due to the damages. The employee would file a liability claim with their personal auto insurance. If their personal auto liability, and possibly personal umbrella policy, limits are used up, the credit union’s business auto and excess liability may apply. The physical damage to the employees’ auto is covered under their own auto policy, the credit union's policy would not cover any damages to the employees owned auto.
An employee is towing a credit union-owned trailer using their personal vehicle. Material in the trailer flies out and causes damage to another vehicle. Since the employee was driving their personal vehicle, the claim would be filed with their personal auto insurance.

Be in the know before you go. When an employee uses their personal auto for credit union purposes, keep in mind that Insurance follows ownership. To learn more about use of personal vehicles for business purposes or your Business Auto Policy, contact your TruStage Property & Casualty Consultant or other members of your sales team for assistance.

Please keep in mind that the facts and circumstances of each individual claim are what determines coverages and that these examples are for illustrative purposes only. Individual states vary on at fault and no-fault insurance coverage requirements that will also determine outcomes. Full policy language will always be reviewed at the time of a claim.

TruStage™ Insurance Products offered to financial institutions and their affiliates are underwritten by CUMIS Insurance Society, Inc. or CUMIS Specialty Insurance Company, Inc., members of TruStage Financial Group, Inc.  Some coverages may not be available in all states. If a coverage is not available from one of our member companies, CUNA Mutual Insurance Agency, Inc., our insurance producer affiliate, may assist us in placing coverage with other insurance carriers in order to serve our customers’ needs.  CUMIS Specialty Insurance Company, Inc., our excess and surplus lines carrier, underwrites coverages that are not available in the admitted market. Corporate Headquarters 5910 Mineral Point Road, Madison WI 53705 CUP-3360903.16-0224-0326 © TruStage