Understanding the differences between crime and cyber insurance is essential for businesses to adequately protect themselves against both traditional fraud and modern digital threats.

What each covers and common claim examples:

Crime insurance protects against financial losses from dishonest acts like employee theft, forgery, computer fraud, and funds transfer fraud, such as when an employee embezzles money or a fraudulent wire transfer is initiated through compromised banking credentials. Cyber insurance covers losses from cyberattacks and data breaches, including expenses for data recovery, legal fees, notification costs, and regulatory fines, like when hackers gain access to customer data or hold systems for ransom.

When would you need either:

You need crime insurance when your business handles significant financial transactions, has employees with access to funds or financial systems, or faces risks from internal fraud and external financial crimes. Cyber insurance becomes essential when your business stores sensitive data, operates online systems, or could face significant operational disruption from cyberattacks.

Typical limits:

Crime insurance policies often have lower limits, as demonstrated in the example where a $150,000 loss was only covered up to the $25,000 policy limit. Cyber insurance typically offers higher coverage limits to address the potentially extensive costs of data breach notifications, forensic investigations, legal defense, and business interruption.

Coverage scope and claims

Crime insurance focuses on traditional forms of fraud and theft, whether committed by employees or external parties. The coverage is particularly relevant for businesses where financial transactions are frequent and employees have access to company funds or payment systems. Common scenarios include accountants transferring funds to personal accounts, forged company checks, or fraudulent wire transfers initiated through compromised banking credentials.

Cyber insurance addresses the modern landscape of digital threats that can affect any business with an online presence. This coverage becomes activated when hackers breach security systems, steal customer data, or disrupt business operations through malware or ransomware attacks. The policy typically covers both first-party costs (like system restoration) and third-party liabilities (like customer notification and legal claims).

Risk assessment and necessity

The need for crime insurance is often determined by the level of financial exposure and the number of people with access to company assets. Businesses with employees handling cash, processing payments, or managing financial accounts face higher risks and should prioritize this coverage. Companies with robust internal controls and limited cash handling may have lower exposure but should still consider coverage for protection against sophisticated external fraud schemes.

Cyber insurance has become nearly universal in its applicability, as virtually every business today relies on digital systems and stores some form of electronic data. The risk extends beyond just tech companies to include any business that uses email, maintains customer databases, or processes online transactions. Even small businesses can face significant costs from data breach notifications and regulatory compliance requirements.

Financial limits and coverage adequacy

Crime insurance policies may offer lower limits because individual incidents, while costly, are often contained to specific fraudulent acts. However, businesses should carefully evaluate their exposure, as a single large fraudulent transfer could exceed typical policy limits, leaving them responsible for significant losses. The key is matching coverage limits to the maximum potential exposure from any single fraudulent act.

Cyber insurance policies generally provide higher limits to address the potentially catastrophic costs of major data breaches or extended business interruptions. The expenses associated with cyber incidents can quickly escalate, including forensic investigations, legal fees, regulatory fines, customer notification costs, and lost business income. Companies should consider their data sensitivity, customer base size, and operational dependence on technology when determining appropriate coverage limits.

The scenarios described are offered only as examples. Coverage depends on the actual facts of each case and the terms, conditions and exclusions of each individual policy. Anyone interested in the above product(s) should request a copy of the standard form of policy for a description of the scope and limitations of coverage.

What types of crime insurance are available?

Crime insurance protects against financial losses from dishonest acts and fraud. The main types include coverage for employee theft and embezzlement, forgery of company checks or documents, computer fraud involving unauthorized access to systems, and funds transfer fraud such as fraudulent wire transfers. These policies focus on traditional forms of fraud and theft, whether committed by employees or external parties, and are particularly relevant for businesses that handle frequent financial transactions or have employees with access to company funds.

How much does commercial crime insurance cost?

Commercial crime insurance costs vary significantly based on factors such as business size, industry risk level, coverage limits selected, and the amount of financial exposure. Businesses with employees handling cash, processing payments, or managing financial accounts typically face higher premiums due to increased risk. The cost also depends on internal controls and security measures in place. While specific pricing varies by insurer and circumstances, businesses should balance premium costs against their maximum potential exposure from fraudulent acts when selecting coverage limits.

How much does cyber insurance cost?

Cyber insurance premiums depend on multiple factors including business size, industry type, data sensitivity, existing cybersecurity measures, coverage limits, and claims history. Companies that store large amounts of sensitive customer data, process online transactions, or have significant operational dependence on technology typically pay higher premiums. Businesses with robust cybersecurity protocols and employee training may qualify for lower rates. The cost has generally increased in recent years due to rising cyber threats, but the expense is often justified given the potentially catastrophic costs of major data breaches or ransomware attacks.

What does cyber insurance not cover?

Cyber insurance typically excludes certain types of losses and scenarios. Common exclusions include losses from unpatched software vulnerabilities when patches were available, damages from acts of war or terrorism, intellectual property theft, and losses from insider threats by employees with authorized access. Many policies also exclude coverage for ransomware payments in certain jurisdictions, losses from poor business decisions, and damages that occur outside the policy period. Additionally, coverage may be limited for businesses that fail to maintain reasonable cybersecurity standards or don't follow required security protocols.

Who needs cyber insurance?

Virtually every business today should consider cyber insurance, as most rely on digital systems and store electronic data. This coverage is essential for companies that store sensitive customer information, process online transactions, maintain customer databases, or could face significant operational disruption from cyberattacks. While tech companies face obvious risks, even small businesses using email or basic computer systems can incur substantial costs from data breach notifications and regulatory compliance requirements. Any business with an online presence or digital operations should evaluate their cyber risk exposure.