Should you include crime/funds transfer fraud on your cyber policy?

Written By Dustin Bolander

One very common coverage on cyber insurance is funds transfer fraud (FTF) which is almost always capped to $250k, although a few carriers will go to $500k. Even on a $5M limit cyber coverage…$250k FTF. So is this “nice to have” coverage really worth anything?

An analogy to business owner policies (BOPs)

One frequent issue with small business insurance is when a company thinks they have a cyber policy, but it ends up being an endorsement/bolt-on coverage to their main BOP. $25k - 100k coverage is pretty typical, with lots of exclusions. Our team always describes this as a nice extra but nothing to rely on.

How does this compare to FTF coverage on a cyber policy?

Similarly, the FTF coverage included with a cyber policy frequently has lots of exclusions. Looking at several policies, we see a few specific exclusions that should be concerning:

  • $250k total limit

  • Funds held on behalf of others, such as escrow accounts

  • Excludes malicious acts by employees

  • Limitations around checks

Should I just stick with the FTF coverage that is added on to cyber policies?

It depends! There are a high frequency of claims that occur under this coverage, however claims are very rare for SMBs that:

  • Have strong financial controls such as multiple verifications methods for requests to change payment accounts

  • Bank accounts and checking that are solely controlled by the owner who is heavily involved in the business’ financial operations

So if your business sees FTF as a very low risk, dropping that extra coverage is an option. It also typically reduces the cost of a cyber policy by 10 - 15%.

The more important conversation is if $250k is enough, especially with the limits. Anytime this is an area of concern for a Beltex client, our team recommends the higher limits and broader coverage provided by a stand alone crime policy.

How much does a crime policy cost?

Most SMBs under $5mm/yr in revenue will pay <$2000/year for $1M coverage. This includes both the cyber aspects (phishing) and employee theft.

One common tactic the Beltex team uses is to pair a cyber and crime policy together to provide “full” coverage to $1M, $2M, or whatever limits the cyber policy provides in full.

Recently a law firm worked with our team, their expiring cyber policy provided $3M limits except for the FTF coverage which was only $250k. Beltex provided the firm an option to drop the $250k coverage, and pair a crime policy of $1M which better matched the firm’s risk profile. This resulted in a net savings while substantially increasing coverage.

Dustin Bolander
Next

What does cyber insurance business interruption *really* cover?