As various types of cyber issues evolve, buyers of insurance policies need to be cognizant of nuanced variations in exposure that most cyber policy wordings don’t contemplate.

In particular, “cyber crime” and “cyber deception” claims are on the rise—and most victims of these schemes are surprised to discover that often, neither their crime nor their cyber/privacy insurance policies afford coverage.

Understanding how these emerging types of fraud are classified within the specific policy language can help agents and brokers keep their clients fully informed and protected.

Cyber crime refers to a situation in which a criminal lifts corporate banking credentials and utilizes them to issue a “fraudulent instruction” to the banking institution. The corporate bank account may not be insured in the same way that an individual’s bank account would be, depending on the type of institution responsible for the funds or credit. If a hacker issues instructions to initiate a wire transfer utilizing the company’s credentials, the company may be out of luck when seeking recovery from their banking partner.

The “funds transfer fraud” section of the company’s crime policy is where insureds may be able to find coverage for this exposure. Cyber policies are geared toward covering breaches of personally identifiable information (PII), including payment cards, but not the insured’s money itself. Endorsements to cyber policies are available in the marketplace for insureds that don’t carry crime policies, but typically require a specific request during the quote stage. Absent the necessary endorsement to its cyber policy, an organization could be left footing the bill for this type of theft.

Cyber deception is becoming extremely prevalent and can be even trickier to address in terms of insurance coverage. In recent years, cyber criminals have become increasingly successful at breaching corporate email accounts, posing as company executives to commit fraud. The criminals use the executive’s email to issue funds transfer instructions to employees responsible for transmitting the company’s money. Processing invoices is a common occurrence, so a fraudulent request from a known email address often goes through without raising any red flags.

Most crime policies view these scenarios as a “voluntary parting of title” and exclude coverage, since the insured technically released the funds voluntarily. Cyber policies are crafted to cover information, not money, so they don’t afford coverage on that front either. Endorsements are available in the marketplace upon request, but only from a small number of carriers.

Agents and brokers should continue to familiarize themselves with the rapidly evolving cyber landscape and inform their clients about exactly what their cyber policies cover. Without close attention to the types of exposures a client may face, coverage gaps can become commonplace—and may leave insureds exposed to new fraud schemes.

Avoid a “one size fits all” mentality at all costs when soliciting crime and cyber coverage. Providing clients with options for cyber policies, backed by specific crime endorsements, can help prevent any unwelcome surprises down the road.

Matt Donovan is national underwriting leader – technology and privacy at Hiscox USA.