Market Conditions 2023: Crime Insurance

The Federal Bureau of Investigation's Internet Crime Complaint Center (IC3) releases an annual report that outlines the impact of BEC based on government task-force metrics. In analyzing the data from the latest report, the average amount lost per BEC fraud increased by nearly 25% year over year — from $97,000 in 2020 to $120,000 in 2021.²

According to the crime insurance industry's client portfolio, insurers anecdotally cite that the average social engineering loss (akin to BEC), is in the realm of $350,000 to $500,000 and susceptible to inflation. This estimate may suggest that numerous losses exist below clients' crime deductible associated with social engineering fraud (often starting around $100,000), leaving smaller loss amounts borne by companies with no insurance recovery.

Social engineering fraud crimes continue to increase in sophistication, rendering targeted companies at constant risk of impersonation of vendors, customers and employees. Reverse social engineering fraud — also known as invoice manipulation fraud or vendor client fraud — is another method of loss caused by a third party's unauthorized access to and manipulation of your invoices sent to clients or vendors. This type of loss can be covered under a Cyber policy due to its overlapping elements with a data breach of your system. Transactional businesses may have heightened exposure to these types of claims.

What we are watching

Exposures related to digital or intangible assets, including cryptocurrency, are emerging and evolving rapidly. Coverage enhancements may be available from certain insurers, affording coverage for certain types of these assets in limited scenarios. Other insurers may include exclusionary language for the sake of transparency and lack of ambiguity, until such exposures can be better analyzed and underwritten. Many questions exist surrounding valuation, quantity, storage and ability to forge digital assets.

Additionally, the alignment of Crime and Cyber insurance for certain types of losses remains imperative, as Cyber policies can offer sub-limits associated with both social engineering fraud and reverse social engineering fraud. For traditional social engineering fraud losses, our typical strategy is to first look to the Crime policy as a means for coverage. If both policies offer a sublimit, we need to closely evaluate applicability of retentions and other insurance clauses to ensure that the loss is subject to only one retention and determine whether sublimits apply proportionately. As the Cyber marketplace continues to experience challenges related to inflated claims activity, these types of coverage enhancements may be scaled back altogether.

Looking ahead

With a typical lag in discovery of employee theft schemes between 18 months and two to three years, we anticipate that some losses that commenced during the pandemic era will come to light in the near future. Additionally, a potential impending recession may also correlate with an uptick in crime losses, due to layoffs, salary cuts and hiring freezes, which could offer employees and outside criminals both an opportunity and motive to commit fraud. We expect to continue to see ongoing frequency of social engineering fraud and employee theft claims.

Conclusion

The Crime insurance market is a mature line of coverage, less driven by the amplitude of settlement and verdict trends when compared to other claims-made management liability lines of coverage and, therefore, typically more immune to big swings. Overall, for 2023, we anticipate the following for Crime insurance:

• Modest single-digit increases in the range of 3% to 7% for loss-free clients, with more substantial increases for those with losses, loss history or exposure changes
• Continued focus on social engineering fraud-related controls and processes, as well as vendor management and multifactor authentication underwriting questions

Because of the highly nuanced nature of this market, it's imperative that you're working with an insurance broker who specializes in your particular line of coverage. Gallagher has a vast network of specialists that understands your industry and business, along with the best solutions in the marketplace for your specific challenges.

Please note: A client's risk profile is the primary variable dictating renewal outcomes. Loss experience, industry, location and individual account nuances will also have a significant impact on these renewals.

Sources

¹"2022 AFP® Payments Fraud and Control Report," AFP, Apr 2022. PDF file.

²"Internet Crime Report 2021," Federal Bureau of Investigation, accessed 19 Dec 2022. PDF file.

Disclaimer

The information contained herein is offered as insurance Industry guidance and provided as an overview of current market risks and available coverages and is intended for discussion purposes only. This publication is not intended to offer legal advice or client-specific risk management advice. Any description of insurance coverages is not meant to interpret specific coverages that your company may already have in place or that may be generally available. General insurance descriptions contained herein do not include complete Insurance policy definitions, terms, and/ or conditions, and should not be relied on for coverage interpretation. Actual insurance policies must always be consulted for full coverage details and analysis.

Gallagher publications may contain links to non-Gallagher websites that are created and controlled by other organizations. We claim no responsibility for the content of any linked website, or any link contained therein. The inclusion of any link does not imply endorsement by Gallagher, as we have no responsibility for information referenced in material owned and controlled by other parties. Gallagher strongly encourages you to review any separate terms of use and privacy policies governing use of these third party websites and resources.

Insurance brokerage and related services provided by Arthur J. Gallagher Risk Management Services, LLC. (License Nos. 100292093 and/or 0D69293).