Social Engineering Fraud Coverage
Insurance covering financial losses when an employee is tricked by deceptive communications into voluntarily transferring funds or data to a fraudster.
What It Is
Social Engineering Fraud coverage protects businesses against financial losses resulting from employees being deceived into voluntarily transferring money, securities, or property to a fraudulent party. Common schemes include Business Email Compromise (BEC), in which fraudsters impersonate executives or vendors via spoofed emails; CEO fraud (urgent wire transfer requests that appear to come from company leadership); vendor impersonation (fraudulent requests to redirect invoice payments to a new account); and impersonation of clients or business partners.
This coverage sits in a gap between traditional crime insurance (which typically excludes voluntary parting of funds) and cyber liability insurance (which typically covers data breaches, not financial fraud). Social engineering coverage is available as an endorsement to crime/fidelity policies, cyber policies, or as a stand-alone policy.
Limits typically range from $100K to $1M, though higher limits are available. Insurers may require specific anti-fraud procedures (like callback verification for wire transfers) as coverage conditions.
Why It Matters for Brokers
The FBI reports that Business Email Compromise alone has caused over $50 billion in losses globally. Social engineering fraud is now the most common cause of financial loss claims in commercial insurance. Brokers must recommend this coverage because: standard crime policies exclude voluntary parting of funds, standard cyber policies focus on data breaches, and businesses of all sizes are targets — BEC attacks specifically target small and mid-size companies.
Real-World Example
A CFO receives an email that appears to be from the company CEO requesting an urgent wire transfer of $285K to a new vendor for a confidential acquisition. The email uses the CEO's correct email signature and references a real acquisition target. The CFO follows the company's standard payment process but doesn't complete the verification callback because the email says the CEO is in a meeting. The wire goes to a fraudulent account. The social engineering fraud coverage reimburses $285K less a $15K deductible.
Common Mistakes
1. Assuming the crime policy covers social engineering losses — most crime policies contain a 'voluntary parting' exclusion that eliminates coverage when the insured willingly transfers funds, even if deceived.
2. Not implementing the anti-fraud procedures required by the social engineering endorsement, which can void coverage — many policies require dual authorization and callback verification for wire transfers.
3. Setting the social engineering sublimit too low relative to the company's typical wire transfer amounts — a $100K sublimit is inadequate for a company that regularly wires six or seven figures.
How brokerageaudit.com Handles This
Policy Checker identifies social engineering coverage in uploaded crime and cyber policies, extracting sublimits, verification requirements, and coverage conditions. The system flags commercial accounts where social engineering coverage is missing to help brokers close this critical coverage gap.