In 2022, over half of cyber claims resulted from attacks on small businesses. In the age of digitization, businesses are constantly connected and online, opening doors for cybercriminals. Understanding the nuances of the insurance world can be daunting for clients. Even within the insurance industry, agents often misunderstand the nuances between Cyber and Crime Insurance, and where they overlap or could create gaps. In this article we will discuss Cyber Insurance vs Crime Insurance, and how to make sure you have the proper coverage. 

Understanding Cyber Insurance

Cyber insurance protects  businesses against the threats they face when operating in a digital world. Whether an incident arises from digital transactions, data storage, email, or websites, Cyber insurance is designed to protect businesses from these threats.

Cyber insurance policies vary by carrier and policy. That being said, cyber insurance primarily provides coverage for “indirect losses” such as financial loss arising from data or security breaches that affect clients or other third-parties. An example would be a hack leading to a breach of data, resulting in financial loss to your customers or vendors whose data was leaked. Consequently, your business could be responsible for compensating those affected whether they be your clients or other third parties such as vendors. 

Cyber insurance also covers other digital threats such as cyber extortion schemes like ransomware.  A cyber policy can cover the costs of dealing with that hack, including IT forensic experts to investigate the breach, recreation of data, ransom, post incident PR costs, compensation for resulting interruption of your business (lost income) and more. The intangible nature of the data that is compromised or stolen in these situations, means that they are often covered by Cyber insurance. 

Understanding Crime Insurance

While cyber insurance attends to the indirect costs associated with digital threats, crime insurance offers protection against a variety of criminal activities, including digital threats. The purpose of Crime insurance is to protect businesses from monetary losses associated with criminal acts like theft, counterfeiting, and fraud. These could be crimes committed by external players, outside of your organization, or internally by the company's own employees. Most crime claims in today’s world take place in the digital world. 

Businesses Need Cyber Insurance & Crime Insurance

Social engineering is the most common cyber crime, and is a form of fraud. Social engineering involves manipulating humans, usually you or your employees, into divulging confidential information or performing actions that compromise security. 

Both cyber and crime insurance frequently provide coverage against fraud claims such as social engineering. For example, a restaurant lost $25,000 when a hacker, acting as a long-time supplier, emailed fraudulent invoices to the restaurant owner.  Because social engineering may cause direct and indirect losses, and occur in a digital environment (email for example), such claims can be covered under Cyber insurance, Crime insurance, or both.

Funds Transfer Fraud Another area of overlap between Cyber and Crime insurance is funds transfer fraud, a scam where hackers deceive businesses into transferring money based on fraudulent instructions. For example, an HVAC supply company lost $250,000 when a hacker, acting as a long-time supplier, emailed fraudulent payment instructions to the company’s controller.  Because the hacker had access to the company’s email, they knew exactly when payment would be expected and for how much. Using the supplier’s email address, they simply requested the payment be sent to a “new account.”

How to Make Sure You Have The Right Coverage

Although determining whether a loss is direct vs. indirect and tangible vs. intangible can help guide which insurance type is triggered, how do you know what you need?  The answer is both.  To ensure you have the right converge, your business needs both cyber and crime coverage. As insurance companies evolve to provide better protection for today’s modern, digital crimes, it is becoming more common to see carriers include both coverages on one policy.  Not all cyber and crime policies are equal, however, and it is common to see funds transfer fraud excluded from these forms or included with a low sublimit.  Make sure your agent can answer these key questions: 

  1. Do I have both cyber coverage and crime coverage?
  2. Am I covered for cybercrime? 
  3. Does my policy include funds transfer fraud, and if so, what is the limit?

Camargo Insurance Agency is based in Cincinnati and advises businesses on insurance and risk management matters in 48 states. Schedule a call today if you have any questions about your cyber insurance or crime insurance. 

Related articles from Camargo:

How to prevent data theft when employees leave?

 Attack Surface Management Explained