Author: Miranda DesPain
What we saw in 2022
The state of the Crime insurance market continues to remain firm yet stable, with consistency in the types of social engineering fraud and vendor fraud losses across the industry, marked by moderate premium increases.
Key underwriting factors include employee count, asset growth and global footprint, loss history, and demonstration of robust internal controls and procedures.
Current state of the market
The industry has underwritten to social engineering fraud exposure for several years, and social engineering fraud loss frequency is generally tracking closely to claims filed related to employee theft. Some insurers are now seeing greater frequency of social engineering losses than employee theft, while others cite embezzlement via vendor fraud as still the top loss driver. While severity still remains lower for social engineering fraud than employee theft, the uptick in claim count is concerning nonetheless.
Limits management for social engineering fraud continues to be a key consideration for all insurers, who typically offer sublimits of $1 million at most, except in rare, bespoke instances. The average social engineering sublimit is $250,000 to $500,000, with additional underwriting and authority required to consider up to $1 million. Some insurers will still consider offering excess capacity for social engineering fraud coverage, whether via a follow form excess Crime policy or a stand-alone excess social engineering policy.
Reviewing the terms of your program is always critical, including whether you have a social engineering exclusion or explicit coverage (and, if the latter, whether callback verification requirements exist). In some instances, callback requirements have been replaced by authorization attempt language, meaning that insurers' strategy is to offer coverage for situations where an insured's procedure fails, but not for situations where the insured fails to perform the procedure altogether.
The 2022 Association of Financial Professionals (AFP) Payments Fraud and Control Survey Report indicated that 71% of companies were targets of payments fraud last year. Business email compromise (BEC) continues to be the leading source of fraud for organizations. This year, the survey contemplated the impact of a remote work environment on payments fraud. Respondents indicated that 34% believed that an increase in fraud was attributable to working remotely, while 47% believed it had no impact. Regardless, best practices and training remain imperative to reducing fraud within organizations.1