Skip to main content

Article

Crime Insurance-Pricing and Claims Insights

In today’s rapidly evolving business landscapes, there are several factors driving the surge in fraudulent acts. Majorly, the impact is due to growing technology, financial pressure, numerous data breaches and easy access to generative AI resulting in direct financial losses.

Introduction

In today’s rapidly evolving business landscapes, there are several factors driving the surge in fraudulent acts. Majorly, the impact is due to growing technology, financial pressure, numerous data breaches and easy access to generative AI resulting in direct financial losses.

According to 2024 Global Financial Crime Report by NASDAQ and Verafin, in 2023, entities across the globe suffered losses to the tune of USD 485.6 billion as a result of various fraudulent activities exposing serious deficiencies in companies’ fraud prevention measures1.

Of the total crime claims notified by Marsh India clients in 2022-23, 56% of fraudulent acts were based in India followed by 19% in the US, 4% in the UK and remaining 21% across other countries. (Figure 1)2.

This report aims to provide an in-depth analysis of crime claims and pricing trends of crime insurance, along with details of solutions that Marsh offers.

Crime insurance: A brief overview

Commercial crime insurance provides cover for direct financial losses and third-party losses (subject to policy terms & conditions) arising out of business-related frauds, such as theft, forgery, robbery, electronic crime, etc. orchestrated by employees or third parties or in collusion by employees and third parties.

Owing to the increasing use of technologies, crime policies have also evolved to include cover-for-acts like computer frauds, social engineering/ fake president frauds, fund transfer frauds, third party crime and so on.

Claims Trends: An Industry Agnostic Risk

While earlier mostly financial institutions were prone to such risks owing to the nature of their business, in recent years we have witnessed a significant surge in the frauds suffered by our clients in the Technology (Tech), Manufacturing, Business Process Outsourcing (BPO), E-commerce space. Marsh India clients witnessed a steep rise in the notifications under crime policies with the period 2022-23 seeing a 130% rise in number of notifications as compared to the period 2021-22. We noted that our clients suffered losses over USD 17 Million in 2022-23, which was a two fold increase from the year before.

Evolving nature of crimes

Fraudulent activities have become complex and intricate making it harder for companies to be able to prevent them despite having taken preventive steps.

Social Engineering frauds, CEO frauds, and fund transfer frauds have also increased exponentially. These includes frauds where external perpetrator impersonates as a senior management and induces employees into making fraudulent fund transfers. Vendor fraud also are on a rise where the perpetrator takes control of the email domain and requests change of bank account detail pretending to be the insured’s vendor. Such frauds have led to our clients losing on an average USD 533,000 on account of such criminal activities.

Physical theft still continues to be the largest cause of loss with our clients suffering losses between USD 50,000 to USD 1.7 Million spotlighting the increasing susceptibility of security systems to such frauds (Figure 2). As an example, one of our Tech client which extends site support and managed services of their customers saw large losses owing to computer frauds3 with losses ranging between USD 500,000 to USD 1.3 Million.

Who is the Perpetrator and which party suffers the most?

While over 59% of crimes were committed by an external perpetrator (Figure 4), the risk of occupational fraud, which are committed by employees, continues to remain of significant concern. According to Association of Certified Fraud Examiners’ (ACFE) Occupational Fraud: A Report to the Nations 2024, over 54% of occupational frauds were committed by two or more perpetrators acting in collusion leading to companies reporting a median loss of USD 329,0004.

Besides first party losses, fraudulent activities also led to our clients suffering huge third party losses5 (figure 5). While the intent of Crime policy is to cover direct financial loss, this policy also would extend cover to third party losses due to fraudulent act of employee where agreed by the insurer. In recent times we have seen change in type of claims i.e. increase in third party losses vis a vis first party loss. However, we also found insurers applying allocations on grounds of negligence by insured’s clients suffering losses, breach of Standard Operating Procedures, deviation from disclosures made in insurance proposal forms etc.

Crime insurance pricing trends for Communications, Media and Technology (CMT) companies6

In the realm of crime insurance, there has been an overall increase of 7.57%, a notable decrease from the previous year's 43.8% surge. Insurers in this sector are increasingly cautious about cyber-crime-related risks and overlapping coverage, leading to restrictions on capacities and coverage options. While some insurers continue to participate in policy renewals, they are becoming skeptical about deploying capacities for new proposals, and a few have even ceased underwriting crime policies altogether. Notably, some large companies (revenue > USD 1Billion) involved in M&A activities have seen a significant 60% increase in deductibles, reflecting insurers' concerns regarding rising crime claims during transition periods marked by uncertainty.

 

Policy ROL 2021-22 (Primary and Excess)  ROL 2022-23 (Primary and Excess) Change in Average ROL (%)
Crime 3,2247 3,4898 7.579

Conclusion

We have witnessed large crime losses breaching policy limits in the past years. These large losses have led to insurers exercising great caution in participating on new crime programs, restricting their exposures on new placements and limiting their exposures on old renewals by putting limited discovery/retroactive date clauses overcoming the discovery-based nature of crime policies.

Our own clients were subjected to big losses arising due to complex fraudulent activities orchestrated through the cyber systems. This growing trend of using technological devices to carry out sophisticated frauds has led to insurers putting in aggregation clauses in the policies to limit any overlap between cyber and crime policies.

Insurers are adopting wordings like the verification clause, which limit cover only when insured has made efforts to verify the change in the bank account details before processing the payment.

While these clauses are added by insurers, we have seen a mismatch in the internal Standard Operating Procedures (SOPs), and the policy requirements, especially on the verifications mandated to be done internally by insureds in a social engineering-like situation.

Additionally, Insurers have been consistently trying to tighten strings around their crime policy exposures, leading them to rely stringently on disclosures made by insureds in their proposal forms relating to adherence to SOPs, periodic audits, verification processes, etc. Insureds must ensure that the disclosures made by them in the proposal forms are accurate and are being followed with sincerity, as any false or misleading information can lead to a claim being repudiated.

1 https://www.nasdaq.com/global-financial-crime-report

2 Based on Marsh India crime claims data: January 2022- December 2023

3 Computer fraud is use of insured’s system to cause a financial loss to the insured, perpetrated by a third party. Common examples are using the insured’s system to carry out transactions such as making bookings, initiating refunds, manipulating order details etc.

4 https://www.acfe.com/-/media/files/acfe/pdfs/rttn/2024/2024-report-to-the-nations.pdf

5 Loss suffered by a person or entity other the insured

6 These trends are for the period of January 2022-March 2023

7 The outcomes and observations are basis the calculation of the primary and excess Rate On-Line (ROL) which is the premium charged for a policy limit of USD 1 million. For our observations, we filtered these by revenue sizes categorized as large (>USD 1bn), mid-size (USD 200mn to USD 1bn) and small (<USD 200mn) and the number of claims per policy, client or revenue segment. The data used to arrive at these outcomes and observations are our internal data collected from clients across India

8 The outcomes and observations are basis the calculation of the primary and excess Rate On-Line (ROL) which is the premium charged for a policy limit of USD 1 million. For our observations, we filtered these by revenue sizes categorized as large (>USD 1bn), mid-size (USD 200mn to USD 1bn) and small (<USD 200mn) and the number of claims per policy, client or revenue segment. The data used to arrive at these outcomes and observations are our internal data collected from clients across India

9 The outcomes and observations are basis the calculation of the primary and excess Rate On-Line (ROL) which is the premium charged for a policy limit of USD 1 million. For our observations, we filtered these by revenue sizes categorized as large (>USD 1bn), mid-size (USD 200mn to USD 1bn) and small (<USD 200mn) and the number of claims per policy, client or revenue segment. The data used to arrive at these outcomes and observations are our internal data collected from clients across India * expressed as USD per USD 1 million