1. Forms
2. CY
3. CY-20-15

What the form is

The CY 20 15 Telephone Toll Fraud endorsement is designed to be added to an ISO Commercial Cyber Insurance Policy. Its primary function is to incorporate a specific insuring agreement that provides coverage for financial losses sustained by the insured due to fraudulent use of their telephone systems by unauthorized third parties. This can include, for example, expenses arising from unauthorized calls made after a business's phone system (like a PBX) has been hacked.

Classes of business it applies to

This endorsement is typically used with various ISO Commercial Cyber Insurance policy forms, such as CY 00 10, CY 00 11, CY 00 12, and CY 00 13. It can also be an optional endorsement for the Information Security Protection (ISP) Cyber Policy form CY 00 03. The underlying cyber policies are often designed for a broad range of entities, including:

• Medium to large commercial enterprises
• Not-for-profit organizations
• Governmental entities
• Financial institutions (e.g., banks, credit unions, insurance companies)

Real-world example: A mid-sized manufacturing company with an internet-connected PBX phone system could benefit from this endorsement. If hackers gain access to their phone system and make thousands of dollars in unauthorized international calls, this endorsement could cover those direct financial losses.

Special considerations

• No Separate Sublimit: An important aspect of this endorsement is that it typically does not provide a separate sublimit of insurance for telephone toll fraud. Instead, any covered losses under this endorsement are subject to the main policy's aggregate limit of insurance.
• Similarity to Crime Coverage: The coverage provided by this endorsement is often similar in nature to telephone fraud coverage found in some Commercial Crime insurance policies.
• State Availability: The availability and specific wording of this endorsement can vary by state and by the specific edition date of the form.

Real-world example: If a business has a $1 million aggregate limit on their cyber policy and suffers a $50,000 loss due to telephone toll fraud, that $50,000 would reduce the available aggregate limit for all other covered cyber incidents under the policy. No separate, dedicated limit would apply just for the telephone fraud.

Key information for agents and underwriters

• Risk Assessment: Agents should discuss with clients their exposure to telephone toll fraud. Businesses with older or less secure phone systems, those heavily reliant on voice communications, or those with significant call volume might have a higher risk.
• Underwriting Focus: Underwriters will likely assess the security measures the insured has in place to prevent unauthorized access to their telephone systems. This could include questions about PBX security, call monitoring, and password protocols.
• Coverage Gaps: Without this endorsement, a standard cyber policy might not explicitly cover losses from telephone toll fraud, or coverage could be ambiguous. This endorsement clarifies and affirms coverage for this specific peril.
• Aggregate Limit Adequacy: Since claims under this endorsement erode the overall policy aggregate limit, both agents and underwriters should consider whether the existing aggregate limit is sufficient if this coverage is added, especially if the client has significant exposure in this area.