Social engineering fraud frequency surpasses employee theft claims for the first time

What we saw in 2021

The state of the Crime insurance market continues to remain firm due to social engineering fraud and vendor fraud losses across the industry, marked by moderate premium and retention increases. We have noticed an increase in submitted claims, primarily social engineering fraud, throughout 2021.

Key underwriting factors include employee count, asset growth, loss history, as well as the demonstration of robust internal controls and procedures.

Current state of the market

The Crime insurance industry has underwritten social engineering fraud exposures for several years. According to experts at leading Crime insurers, for the first time in 2021, social engineering fraud loss frequency exceeded the number of claims filed related to employee theft. While severity still remains lower for social engineering fraud than employee theft, the uptick in claim count is concerning nonetheless. Certain markets, particularly those based in London, were previously willing to offer full limits to cover social engineering fraud under Crime policies. This is largely unavailable in both the commercial and financial institution Crime insurance marketplaces, which are only offering sub-limits of $1 million at most, except in rare instances. The average social engineering sub-limit is $250,000 to $500,000, with additional underwriting and authority required to consider up to $1 million. Generally speaking, we aren't seeing primary social engineering sub-limits higher than $1 million, with a few exceptions. Insurers are increasingly more reluctant to provide large social engineering sub-limits to new buyers. However, some insurers will still consider offering excess capacity for social engineering fraud coverage, whether via a follow form excess Crime insurance policy or a stand-alone excess social engineering insurance policy.

Reviewing the terms of your program is always critical, including whether or not you have a social engineering exclusion or explicit coverage (and, if the latter, whether callback verification requirements exist). In some instances, callback requirements have been replaced by authorization attempt language, meaning that insurers' strategy is to offer coverage for situations where an insured's procedure fails, but not for situations where the insured fails to perform the procedure altogether.

The 2021 Association of Financial Professionals (AFP) Payments Fraud and Control Survey report indicated that 74% of companies were targets of payments fraud last year. Business Email Compromise (BEC) continues to be the leading source of fraud for organizations.1

Social engineering fraud crimes have increased in sophistication, in some cases involving independent contractors and business partners. Reverse social engineering fraud, also known as invoice manipulation fraud or vendor-client fraud, is another method of loss caused by a third party's unauthorized access to, and manipulation of, your invoices sent to clients or vendors. This type of loss can be covered under a Cyber insurance policy due to its overlapping elements with a data breach of your system. Transactional businesses may have heightened exposure to these types of claims.

What we are watching

The alignment of Crime insurance and Cyber insurance for certain types of losses is imperative, as Cyber policies can offer sub-limits associated with both social engineering fraud and reverse social engineering fraud. For traditional social engineering fraud losses, our typical strategy is to first look to the Crime insurance policy as a means for coverage. In the event that both policies offer a sub-limit, we need to closely evaluate the applicability of retentions and other insurance clauses to ensure that the loss is subject to only one retention and determine whether sub-limits apply proportionately. As the Cyber insurance marketplace continues to experience challenges related to inflated claims activity, these types of coverage enhancements may be scaled back altogether.

Ransomware exclusions are increasingly being added to Crime insurance policies with the intention for this type of exposure to be addressed exclusively under a Cyber insurance policy.

The alignment of Crime insurance and Cyber insurance for financial institutions is more complicated. While the financial institutions bond market is fairly stable, insurers continue to evaluate exposure to cyber-related losses under crime policies. Financial institutions social engineering fraud remains a key issue, as well as electronic or computer crime losses. Certain financial institution bond forms offer virus or hacker extensions and/or data reconstruction costs associated with loss of funds. While the trigger for a bond claim remains a monetary loss, there is a potential for overlap with a Cyber policy in instances where destruction of data occurs. As a result, some underwriters are removing destruction of data coverage under Crime insurance policies, preferring such coverage be sought under Cyber insurance policies only. In addition, insurers are closely monitoring extensions offered under financial institutions bonds for extortion-related losses.

Looking ahead

With the widespread use of remote work arrangements and an increase in electronic processes across the board for organizations, we anticipate an impact on crime losses in the short and long term.

In the short term, we continue to see the ongoing frequency of social engineering fraud claims increase, which may or may not be pandemic-related.

In the long term (18–24 months and beyond), we are bracing for the aftereffects of lax controls due to remote working. We expect to see an uptick in embezzlement schemes that have commenced during the pandemic in 2020 and 2021. Many companies have pared down staff and are experiencing a variety of issues associated with return to work plans. Remote work is becoming a more permanent norm, which may lead to companies changing procedures during the pandemic that may not be re-evaluated properly in the future. For example, a company may not immediately evaluate the checks and balances of having one accountant working solely from home. There may be a false sense of security in such an arrangement, while employees may have access and motivation to steal from an organization due to their own financial distress in a down economy. For more resources on returning to work and COVID-19, you can visit Gallagher's pandemic hub here.


The Crime insurance market is less driven by settlement and verdict trends when compared to other claims-made management liability lines of coverage. Therefore, typically less susceptible to big swings. Overall, for 2022, we anticipate the following for the Crime insurance market:

  • 5% to 10% increases for loss-free clients, with more substantial increases for those with losses or loss history
  • Continued focus on social engineering fraud-related controls and processes, as well as vendor management and multi-factor authentication underwriting questions
  • Potential for upward pressure on retentions

Because of the highly nuanced nature of this market, it is imperative that you are working with an insurance broker who specializes in your particular line of coverage. Gallagher has a vast network of specialists that understand your industry and business, along with the best solutions in the marketplace for your specific challenges.

Please note: A client's risk profile is the primary variable dictating renewal outcomes. Loss experience, industry, location and individual account nuances will also have a significant impact on these renewals.



Author Information


The information contained herein is offered as insurance Industry guidance and provided as an overview of current market risks and available coverages and is intended for discussion purposes only. This publication is not intended to offer legal advice or client-specific risk management advice. Any description of insurance coverages is not meant to interpret specific coverages that your company may already have in place or that may be generally available. General insurance descriptions contained herein do not include complete Insurance policy definitions, terms, and/or conditions, and should not be relied on for coverage interpretation. Actual insurance policies must always be consulted for full coverage details and analysis.

Gallagher publications may contain links to non-Gallagher websites that are created and controlled by other organizations. We claim no responsibility for the content of any linked website, or any link contained therein. The inclusion of any link does not imply endorsement by Gallagher, as we have no responsibility for information referenced in material owned and controlled by other parties. Gallagher strongly encourages you to review any separate terms of use and privacy policies governing use of these third party websites and resources.

Insurance brokerage and related services to be provided by Arthur J. Gallagher Risk Management Services, Inc. (License No. 0D69293) and/or its affiliate Arthur J. Gallagher & Co. Insurance Brokers of California, Inc. (License No. 0726293).