What to Know About Cyber-Enabled Fraud and How Insurance Can Help

June 22, 2026

As the second quarter of 2026 gets underway, cyber insurance trends are already pointing in a new direction, with cyber-enabled fraud surpassing ransomware as the risk causing the biggest concern for C-suite executives. This shift underscores the reality that fraud losses continue to balloon and that many policyholders are surprised that these losses are often covered only in part, or not at all, under many cyber insurance policies.

According to the World Economic Forum’s Global Cybersecurity Outlook 2026 report, a recent survey of C-suite executives found that fraud and phishing have overtaken ransomware as the top cyber risks worrying CEOs, especially in organizations with less developed cybersecurity resilience. This represents a noticeable shift from 2025, when ransomware was the top cyber risk concerning CEOs. The report highlights that 73% of survey respondents experienced cyber-enabled fraud directly, or knew someone–personally or professionally–who was affected by it in 2025. Interestingly, while CEOs are most concerned about fraud, the report shows that chief information security officers (CISOs) continue to view ransomware as their primary cyber risk concern. With fraud now at the forefront for CEOs, policyholders and their brokers should take care to ensure that insurance programs adequately address this risk and that critical coverage does not fall through gaps between policies.

Cyber-enabled fraud is often perpetrated through social engineering techniques like business email compromise (BEC), a type of cyber incident that is often used together with funds transfer fraud (FTF), where a cybercriminal compromises a business email to misdirect company funds. Cybercriminals often achieve their goal of misdirecting company funds to fraudulent accounts by using a variety of tactics. Those tactics include producing phony invoices while impersonating a company’s actual vendors; impersonating company executives by spoofing or creating an email address similar to an executive’s; impersonating attorneys and demanding wire transfers; and launching a BEC attack that uses a legitimate employee’s stolen email credentials (or a near-name/spoofed email address) to request invoice, EFT, or credit card payments from customers.

According to the Federal Bureau of Investigation, BEC attacks have resulted in more than $17 billion in reported losses in the United States in recent years. The frequency and sophistication of these attacks continue to rise, impacting organizations of all sizes and sectors and driving a significant share of cyber insurance claims.

To add another layer of uncertainty to this rapidly evolving risk, the mass deployment and implementation of artificial intelligence among companies of all sizes creates the possibility that cyber-enabled fraud attacks could become more frequent as AI continues to develop. Given that AI is already capable of generating deepfakes and eerily realistic websites, and of engaging in hyper-personalized social engineering and phishing, the rate at which cyberattacks are deployed is likely to increase.

To maximize insurance coverage for cyber-related fraud losses, brokers and risk managers should consider the following when building comprehensive insurance programs.

Unlike ransomware, which cyber insurance policies typically cover, many standard cyber policies exclude coverage for social engineering losses and fraudulent transfers. Rather, many cyber insurance underwriters look to crime insurance to pick up these types of losses.

Yet, even under standard crime insurance policies, fraudulent transfers and business email compromises due to social engineering may be excluded unless endorsements are purchased adding the coverage back in, oftentimes subject to various conditions.

For example, some policies require that the policyholder’s employees confirm changes in banking details via a separate confirmatory call or email. Failure to comply with that condition may jeopardize coverage. Further, as with all insurance policies, wording matters. Terms like “computer fraud,” “funds transfer fraud,” or “fraudulent instruction” can create confusion concerning which option insures against a request to transfer funds that an employee received from a spoofed executive email.

Agents, brokers, and risk managers should:

Where coverage for losses stemming from cyber-enabled fraud does exist in cyber policies, it is often subject to sublimits that are much lower than the overall policy limits (often $250,000 in total coverage or less). Additionally, cyber policies may include retentions that are much larger than the applicable sublimits.

For example, a policy may have a $100,000 sublimit for fraudulent transfers but a $1 million self-insured retention. In this scenario, the policyholder must incur $1 million in covered loss before obtaining up to $100,000 in coverage for the fraudulent transfer.

These low sublimits and high retentions exist because cyber insurers often look to a policyholder’s crime insurer to cover social engineering losses in the first instance. As a result, agents, brokers, and risk managers should consider whether other policies provide additional coverage, such as crime or endorsements to property insurance policies. As noted, losses resulting from fraudulent transfers, social engineering schemes, and business email compromises resulting in the payment of money may be covered solely under standard, or endorsed, insuring agreements to a crime policy, rather than a cyber or technology errors and omissions policy.

If the insured frequently makes large wire transfers or other payments to vendors or other parties, carefully consider what limits should be purchased to sufficiently insure common transfers at risk of social engineering schemes.

For example, construction and real estate companies may make regular transfers in the several millions of dollars range. Yet, even under crime insurance policies, coverage for these social engineering schemes and fraudulent transfers is often capped at a sublimit of $250,000 or less (although commonly subject to much lower self-insured retentions than coverage offered under cyber insurance policies).

Fortunately, policyholders can purchase excess crime insurance coverage that will “drop down” to provide excess coverage over these sublimits to create total coverage in the millions of dollars, if needed.

Brokers, agents, and risk managers should also ensure their clients’ risk management strategies are regularly updated and address the latest cyber and fraud trends. Employees should receive ongoing training to recognize signs of fraud and social engineering, as proactive awareness can prevent losses before they materialize.

Further, the insured’s verification and other cybersecurity and fraud control measures are important because insurers often condition coverage for losses stemming from cyber-enabled fraud on the policyholder maintaining and using specific verification methods before transferring funds. In addition, both cyber and crime insurers scrutinize cyber controls and proactive readiness in the underwriting and renewal process.

Brokers, agents, and risk managers should identify the specific procedures mandated by the policy or represented to the insurer during the application process, and confirm those requirements are being followed. Ideally, this will not only avoid post-claim denials of coverage (based on a potential misrepresentation in the insurance application about various policies or controls) but may also prevent the loss in the first instance.

Cyber insurance applications are very detailed, and when completing applications, all key members of a company’s IT team, legal team, and business team should be involved to ensure that responses to application questions are accurate and complete. Experienced coverage counsel and skilled insurance brokers should assist policyholders in reviewing these applications for completeness and to avoid ambiguities.

As cyber-enabled fraud is taking center stage, agents, brokers, and risk managers should ensure that insurance programs are adequate to cover cyber-enabled fraud losses, identify any sublimits and retentions that could limit recovery, and coordinate cyber and other policies so there are no gaps in coverage for a loss. Additionally, introducing clients to available training, assisting in the development of well-practiced cyber incident response plans, encouraging investment in cyber controls, and educating insureds on the application process (and the need for complete and accurate responses therein) are key ways to ensure clients are adequately protected.

By pairing those controls with a well-negotiated insurance renewal strategy, agents, brokers, and risk managers will help manage a risk that is growing in both frequency and sophistication.