Over 80% of UK organisations experienced a successful cyber-attack in 2021/22¹. A lack of cyber security can leave clubs, centres, and class associations vulnerable to substantial losses, and the impact can be huge and long-lasting.
Some of the most common types of online fraud include:
Fraudulent attempts to obtain sensitive information such as usernames, passwords, and financial details, in which the sender is disguised as a trustworthy source.
Forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source.
A form of telephone fraud using automated recordings to harvest sensitive information such as passwords, usernames or PIN numbers.
Unauthorised access to or manipulation of a computer system or a private network, such as an email account or email correspondence to conduct fraudulent activity.
We recently learnt that a Sailability venue had fallen victim to cybercrime. Having secured funding from the RYA Foundation in order to purchase an access boat, the club met the vendor in order to arrange the handover. Upon later receiving the invoice by email, they paid it. The invoice came as part of a chain of emails but it later transpired that the emails were compromised. Everything about the invoice was correct, but the payment details had been amended by a cyberthief.
The club explained that it had received fraudulent invoices in the past, but these were for amounts it was not expecting or from people it didn't owe, so it was able to identify them as scams fairly easily. This scam was so sophisticated it caught the club off guard.
Luckily, this case has a happy ending; many do not. The club and the fraud recovery team at its bank acted promptly, and the bank was fortunately able to stop the payment and recover the monies erroneously paid to the cyberthief.
This was an incredibly sophisticated scam and even with the happy ending, it put tremendous stress on the club and its officers.
The club’s bank advised it not to pay a new payee without ringing them first to confirm their bank details and, if possible, to do a small confirmation transaction first before sending the full amount. This is simple advice, and it could have saved the club from the potential loss of £3250 in the first place.
What should you do if you think you may have received a scam email?
We have previously advised of two RYA affiliated clubs that have experienced fraudulent email scams.
In one case, the Treasurer received emails purportedly from the Commodore and Vice Commodore, requesting an urgent bank transfer for maintenance work. The names of the General Committee and the email address for the Treasurer (a generic address) were publicly available on the club’s website, which the fraudsters could easily obtain and use to their advantage.
In another case, a club received an invoice by email for roof repairs allegedly from the company that had recently carried out the repair on its behalf. It paid the invoice, which later turned out to be fraudulent.
Understandably, both clubs looked to their banks to recover the money lost; however, the banks were unable to assist as they were not at fault.
There is no doubt that online fraud is increasing, and the Government quite rightly is concerned. It has therefore created a new National Cyber Advisory Board to protect UK interests and to advise on how best to counter growing cyber threats.
If you require further guidance, please do not hesitate to contact the RYA Legal Team.
Cyber insurance is available via RYA insurance broking partner, Gallagher, which can help reduce the risk and impact on your organisation, providing a fast response should the worst happen.
Gallagher has access to specific cyber products to support your organisation:
Policy limits and exclusions may apply and minimum standards of risk management will need to be implemented prior to cover binding. Please refer to Gallagher for full details and see policy wording for full terms and conditions.
In addition, for those existing Gallagher clients who place Management Liability (D&O) insurance with Gallagher via specialist insurers Beazley, cover may be extended to cover Crime risks such as Social Engineering, for a small additional cost.
Contact the dedicated RYA team at Gallagher today to discuss your cyber exposures and insurance requirements.
The sole purpose of this article is to provide guidance on the issues covered. This article is not intended to give legal advice, and, accordingly, it should not be relied upon. It should not be regarded as a comprehensive statement of the law and/or market practice in this area. We make no claims as to the completeness or accuracy of the information contained herein or in the links which were live at the date of publication. You should not act upon (or should refrain from acting upon) information in this publication without first seeking specific legal and/or specialist advice. Arthur J. Gallagher Insurance Brokers Limited accepts no liability for any inaccuracy, omission or mistake in this publication, nor will we be responsible for any loss which may be suffered as a result of any person relying on the information contained herein.
The Royal Yachting Association is an Introducer Appointed Representative of Arthur J. Gallagher Insurance Brokers Limited which is authorised and regulated by the Financial Conduct Authority. Registered Office: Spectrum Building, 7th Floor, 55, Blythswood Street, Glasgow, G2 7AT. Registered in Scotland. Company Number: SC108909. AR06-2023. Exp. 17.01/2024
Last updated 05/04/23