Social Engineering, Crime and Cyber Coverage
February 17, 2026

Cyber criminals are no longer just hacking systems. Many are manipulating people. Social engineering losses continue to hit businesses of all sizes, and one of the biggest coverage gaps now emerging involves how Crime and Cyber policies respond to these events. If you are buying or renewing coverage, this is an area that deserves real attention.
What Is Social Engineering?
Social engineering is typically a fraud scheme where someone impersonates a trusted party to trick your employee, customer, or vendor into transferring funds or sensitive information. The financial impact can be significant, and recovery is often difficult.
Common examples include:
- An email that appears to be from your CEO requesting a wire transfer
- A vendor email advising of “new bank instructions”
- A spoofed email that looks like it came from your company, leading a customer to send payment to the wrong account
Where Coverage Gets Complicated
When placing Crime and Cyber insurance, one key question is: How does the policy address social engineering?
There are several important distinctions to clarify.
Does Coverage Apply Only to “Money and Securities”?
Some Crime policies respond only to direct loss of “money and securities.” That sounds straightforward, but what about:
- Your inventory or product released due to fraudulent instructions?
- A customer who sends payment to the wrong bank account because they received a spoofed email that looked like it came from you?
Not all policies treat these scenarios the same way.
What Happens When a Customer Sends Funds to the Wrong Account?
This is one of the most misunderstood exposures. If a fraudster impersonates your company and convinces your customer to wire payment to a fraudulent account, you may face:
- A demand to replace the funds
- Reputational damage
- Legal disputes over responsibility
Some Cyber policies may respond under certain insuring agreements. Some Crime policies offer limited social engineering endorsements. Others may not respond at all unless very specific language is in place. This is where policy wording truly matters.
Standard Policy Language vs. Endorsements
Many carriers are actively addressing social engineering exposures, but coverage is not always built into the base form. It is easy to assume you are covered because you have both Crime and Cyber policies in place. That assumption can be costly.
In some cases:
- An endorsement must be added
- Separate sublimits apply
- Specific verification procedures are required
- Coverage may be narrower than expected
The Risk of Buying on Price Alone
The lowest-priced policy can look attractive at renewal time, but in this space, pricing often reflects:
- Narrower definitions
- Lower sublimits
- More restrictive triggers
- Additional conditions
The true value of a policy becomes clear when a loss occurs. Coverage design should come before price comparison.
Key Questions to Ask at Renewal
As you review your Crime and Cyber programs, consider asking:
- Is social engineering coverage included or endorsed?
- What is the sublimit?
- Does coverage apply only to direct loss of funds?
- How does the policy respond if a customer is defrauded using our identity?
- Are there verification or call-back requirements that must be followed?
Cybercrime continues to evolve. Fraudsters are exploiting trust more than technology. A well-structured Crime and Cyber program should anticipate these risks, not simply react to them.
If you would like a coverage review focused specifically on social engineering exposure, our team can walk through real-world scenarios and evaluate how your current policies would respond.
*Please note that we rely on independent sources and recommend conducting further research or seeking guidance from a qualified industry professional, legal counsel, or licensed insurance agent as appropriate for your needs. These blog posts are intended for general informational purposes only.