Stability exists in crime marketplace, claims trends continue.

Author: Miranda DesPain


What we saw in 2022

The state of the Crime insurance market continues to remain firm yet stable, with consistency in the types of social engineering fraud and vendor fraud losses across the industry, marked by moderate premium increases.

Key underwriting factors include employee count, asset growth and global footprint, loss history, and demonstration of robust internal controls and procedures.

Current state of the market

The industry has underwritten to social engineering fraud exposure for several years, and social engineering fraud loss frequency is generally tracking closely to claims filed related to employee theft. Some insurers are now seeing greater frequency of social engineering losses than employee theft, while others cite embezzlement via vendor fraud as still the top loss driver. While severity still remains lower for social engineering fraud than employee theft, the uptick in claim count is concerning nonetheless.

Limits management for social engineering fraud continues to be a key consideration for all insurers, who typically offer sublimits of $1 million at most, except in rare, bespoke instances. The average social engineering sublimit is $250,000 to $500,000, with additional underwriting and authority required to consider up to $1 million. Some insurers will still consider offering excess capacity for social engineering fraud coverage, whether via a follow form excess Crime policy or a stand-alone excess social engineering policy.

Reviewing the terms of your program is always critical, including whether you have a social engineering exclusion or explicit coverage (and, if the latter, whether callback verification requirements exist). In some instances, callback requirements have been replaced by authorization attempt language, meaning that insurers' strategy is to offer coverage for situations where an insured's procedure fails, but not for situations where the insured fails to perform the procedure altogether.

The 2022 Association of Financial Professionals (AFP) Payments Fraud and Control Survey Report indicated that 71% of companies were targets of payments fraud last year. Business email compromise (BEC) continues to be the leading source of fraud for organizations. This year, the survey contemplated the impact of a remote work environment on payments fraud. Respondents indicated that 34% believed that an increase in fraud was attributable to working remotely, while 47% believed it had no impact. Regardless, best practices and training remain imperative to reducing fraud within organizations.1

Business email compromise continues to be the leading source of fraud for organizations.

The Federal Bureau of Investigation's Internet Crime Complaint Center (IC3) releases an annual report that outlines the impact of BEC based on government task-force metrics. In analyzing the data from the latest report, the average amount lost per BEC fraud increased by nearly 25% year over year — from $97,000 in 2020 to $120,000 in 2021.2

According to the crime insurance industry's client portfolio, insurers anecdotally cite that the average social engineering loss (akin to BEC), is in the realm of $350,000 to $500,000 and susceptible to inflation. This estimate may suggest that numerous losses exist below clients' crime deductible associated with social engineering fraud (often starting around $100,000), leaving smaller loss amounts borne by companies with no insurance recovery.

Social engineering fraud crimes continue to increase in sophistication, rendering targeted companies at constant risk of impersonation of vendors, customers and employees. Reverse social engineering fraud — also known as invoice manipulation fraud or vendor client fraud — is another method of loss caused by a third party's unauthorized access to and manipulation of your invoices sent to clients or vendors. This type of loss can be covered under a Cyber policy due to its overlapping elements with a data breach of your system. Transactional businesses may have heightened exposure to these types of claims.

What we are watching

Exposures related to digital or intangible assets, including cryptocurrency, are emerging and evolving rapidly. Coverage enhancements may be available from certain insurers, affording coverage for certain types of these assets in limited scenarios. Other insurers may include exclusionary language for the sake of transparency and lack of ambiguity, until such exposures can be better analyzed and underwritten. Many questions exist surrounding valuation, quantity, storage and ability to forge digital assets.

Additionally, the alignment of Crime and Cyber insurance for certain types of losses remains imperative, as Cyber policies can offer sub-limits associated with both social engineering fraud and reverse social engineering fraud. For traditional social engineering fraud losses, our typical strategy is to first look to the Crime policy as a means for coverage. If both policies offer a sublimit, we need to closely evaluate applicability of retentions and other insurance clauses to ensure that the loss is subject to only one retention and determine whether sublimits apply proportionately. As the Cyber marketplace continues to experience challenges related to inflated claims activity, these types of coverage enhancements may be scaled back altogether.

Looking ahead

With a typical lag in discovery of employee theft schemes between 18 months and two to three years, we anticipate that some losses that commenced during the pandemic era will come to light in the near future. Additionally, a potential impending recession may also correlate with an uptick in crime losses, due to layoffs, salary cuts and hiring freezes, which could offer employees and outside criminals both an opportunity and motive to commit fraud. We expect to continue to see ongoing frequency of social engineering fraud and employee theft claims.


The Crime insurance market is a mature line of coverage, less driven by the amplitude of settlement and verdict trends when compared to other claims-made management liability lines of coverage and, therefore, typically more immune to big swings. Overall, for 2023, we anticipate the following for Crime insurance:

  • Modest single-digit increases in the range of 3% to 7% for loss-free clients, with more substantial increases for those with losses, loss history or exposure changes
  • Continued focus on social engineering fraud-related controls and processes, as well as vendor management and multifactor authentication underwriting questions

Because of the highly nuanced nature of this market, it's imperative that you're working with an insurance broker who specializes in your particular line of coverage. Gallagher has a vast network of specialists that understands your industry and business, along with the best solutions in the marketplace for your specific challenges.

Please note: A client's risk profile is the primary variable dictating renewal outcomes. Loss experience, industry, location and individual account nuances will also have a significant impact on these renewals.

Author Information


The information contained herein is offered as insurance Industry guidance and provided as an overview of current market risks and available coverages and is intended for discussion purposes only. This publication is not intended to offer legal advice or client-specific risk management advice. Any description of insurance coverages is not meant to interpret specific coverages that your company may already have in place or that may be generally available. General insurance descriptions contained herein do not include complete Insurance policy definitions, terms, and/ or conditions, and should not be relied on for coverage interpretation. Actual insurance policies must always be consulted for full coverage details and analysis.

Gallagher publications may contain links to non-Gallagher websites that are created and controlled by other organizations. We claim no responsibility for the content of any linked website, or any link contained therein. The inclusion of any link does not imply endorsement by Gallagher, as we have no responsibility for information referenced in material owned and controlled by other parties. Gallagher strongly encourages you to review any separate terms of use and privacy policies governing use of these third party websites and resources.

Insurance brokerage and related services provided by Arthur J. Gallagher Risk Management Services, LLC. (License Nos. 100292093 and/or 0D69293).