The average ransomware loss hit $353,000 this year 📈
Cyber Incident? Get Help

Combining Crime and Cyber: Common Claims and Core Coverages

When Crime and Cyber Insurance Combine: 3 Common Claims and Core Coverages

As technology has become commonplace in our everyday lives, so, too, has the opportunity for criminals to capitalize on unsuspecting victims for financial gain.

Losses from cybercrimes amount to $27.6 billion over the last five years, according to the FBI, including $10.3 billion in 2022 alone. Cybercrime also disproportionately affects small businesses, which are often seen as easy targets due to limited resources or capacity to manage technology and train employees.

Cybercrimes often exist in a gray area from an insurance perspective, falling between two different types of coverage: crime policies and cyber policies. Crime policies were originally designed to provide financial protection against traditional crimes but have evolved over time to also provide coverage for digital crimes. Cyber policies are designed to protect against digital threats and the liability associated with them.

The good news is that both crime and cyber policies can coexist in harmony for the benefit of the policyholder. To help brokers determine the appropriate coverage for their clients, we’re delving into three common cybercrimes to explore how these crimes work, how a claim is handled, and which policies and coverages apply. 

Wire transfer fraud

Wire transfer fraud is the theft of funds by fraudulent wire transfer, typically by threat actors with unauthorized access to a business’ account. It isn’t an especially sophisticated crime, but it’s lucrative and easy to execute.

How it works: A threat actor gains the necessary information to authenticate to an organization’s financial institution. With the right credentials and access, they can transfer money, make payments, and take other actions — just as if they were an authorized member of the compromised organization. This type of fraud is difficult to detect because, from the financial institution’s perspective, the activity appears legitimate.

Real-life example: One of our policyholders, an insurance broker, experienced wire transfer fraud after an employee’s email was compromised. A threat actor accessed the account and had the bank add them as payroll administrator. The threat actor was able to initiate wire transfers and stole $125,000. Five email accounts were ultimately compromised, and if access hadn’t been cut off, the threat actor would have free range to continue moving money.

How coverage applies: Wire transfer fraud is typically triggered by fraudulent instruction carried out by external malicious actors. For Crime policies, the relevant insuring agreements are Computer Fraud and Funds Transfer Fraud. For Cyber policies, the relevant insuring agreement is Funds Transfer Fraud.

Social engineering fraud

Often more sophisticated than other types of fraud, social engineering fraud refers to fraudulent transfers, payments, or other financial transactions. In most cases, these transactions are made by an employee who is misled or tricked by a threat actor.

How it works: A threat actor researches an organization to find its vendors and payment history, then figures out which employees interact with vendors and process payments. With that information, they can impersonate vendors and target select employees with fraudulent invoices. This type of fraud is often difficult to identify until valid invoices surface or goods and services go undelivered.

Real-life example: A Coalition policyholder, a union, recently fell victim to social engineering fraud. After an initial phishing scheme, the union attempted to wire $6.4 million to an investment fund for pensions but sent the money to a fraudulent account. Fortunately, our claims team was able to track, freeze, and recover $5.5 million. After Coalition paid out on their policy limits, the union’s loss was reduced to just $500,000.

How coverage applies: Social engineering fraud is usually triggered by a social engineering event that’s carried out by an unwitting internal actor. For Crime policies, the relevant insuring agreement is Fraudulent Impersonation. For Cyber policies, the relevant insuring agreement is Funds Transfer Fraud.

Cybercrime disproportionately affects small and midsized businesses, which are often seen as easy targets due to limited resources or capacity to manage technology and train employees.

Invoice manipulation fraud

Invoice manipulation fraud refers to when threat actors gain unauthorized access to a business network and manipulate invoices and payment instructions. Instead of tricking businesses from the outside, invoice manipulation typically happens from the inside, resulting in a loss of funds.

Here’s how it works: A threat actor gains access to a business’ email accounts and scans inboxes for financial transactions. They send fraudulent invoices with altered payment information so the client sends money to a different, fraudulent account. Because the client sees an invoice from a legitimate vendor, this type of fraud can be hard to detect until the vendor inquires about payment status or past due invoices.

Real-life example: One of our policyholders, a trailer manufacturer, received an order and invoiced their customer. The invoice was intercepted by a threat actor who had gained access to their email. The threat actor sent the customer a new invoice with fraudulent payment details. Eventually, the manufacturer followed up about payment and discovered the fraud. The customer was unable to recover the money, but we reimbursed the manufacturer $132,000 under their first-party coverage because of the security failure due to a compromised account.

How coverage applies: Invoice manipulation fraud is typically triggered by security failure and carried out by an external malicious actor. For Cyber policies, the relevant insuring agreement is Invoice Manipulation; however, these events are not usually covered by Crime policies.

Maximize protection with both Crime and Cyber policies

With two in-force policies, businesses with Crime and Cyber coverages increase their protection against a broader range of risks, including employee theft, forgery, extortion, and business interruption.

Coalition policyholders get the benefit of higher combined sublimits for certain claims — limits for wire transfer fraud can be stacked because it’s covered on both policies —as well as complementary claims handling.

Coalition offers both Crime and Cyber insurance policies, in addition to other Executive Risks products. Every Active Insurance product is powered by Coalition's data-driven approach to insurance — and the numbers from our 2023 Cyber Claims Report speak volumes:

  • 64% fewer claims than the cyber industry average

  • 47% of reported cyber events handled with no cost to policyholder

  • 66% of funds lost to Funds Transfer Fraud recovered after being notified by policyholder

As a broker, you can help clients enhance protection against cybercrimes through coordinated, complementary coverage — especially those who think they’re too small to need Crime insurance. To spark conversations with clients, identify exposures, and help improve their risk profiles, download our new guide, Crime Insurance Discovery Topics.