Skip to main content
Marsh logo

Commercial crime insurance: Protect your business from financial losses due to employee dishonesty, scams, and social engineering fraud

Assess your fraud exposure and policy wording to close coverage gaps. Marsh handles complex insurance placements up to US$400 million and supports claims across Asia.

Book a complimentary crime exposure review

What are the commercial crime risks affecting businesses in Asia?

Technology is making fraud easier. Social engineering, deepfakes, and AI-driven tactics are creating more convincing scams, while third-party fraud is becoming more complex.

Malaysia’s scam-related losses reached approximately RM2.7 billion in 2025, representing a 76 per cent increase from 2024. These losses underscore the need for organisations to reassess evolving crime and fraud exposures and whether their protections — including insurance — remain adequate.

Three key areas to review when assessing your commercial crime coverage

As fraud tactics evolve, organisations should review three key risks:

  • Rising financial exposure: AI-driven scams, deepfakes, and social engineering attacks are increasing financial loss risk.
  • Controls being bypassed: Remote work and automation are widening opportunities for technology-enabled fraud.
  • Coverage gaps: Many organisations assume they are covered, only to find gaps after a loss due to insurer definitions and policy wording differences.

What does commercial crime insurance cover?

A well-structured commercial crime insurance policy can provide financial protection for losses arising from business-related crimes, including:

  • Employee white-collar fraud
    Marsh Asia data shows that around 50% of crime policy notifications are for employee fidelity losses, often involving trusted employees exploiting systems for personal gain.
  • Third-party fraud
    External partners or suppliers may manipulate invoices or payment details to divert funds to fraudulent accounts.
  • Collusion
    Fraud becomes harder to detect when employees collude with each other or external parties, bypassing internal controls.
  • Hacking or computer-related crime
    AI-enabled phishing and social engineering tactics are used to bypass traditional controls. While crime policies usually exclude ransomware attacks, most will cover direct financial losses from funds stolen through phishing or other attacks.
  • Social engineering fraud
    Criminals impersonate executives using email, phone, or even deepfake technology to deceive staff into transferring funds.
  • Tangible asset theft
    Protects against the theft of cash or valuables, including safes, vaults, and other high-value property.

Differences in policy wording across insurers — such as how employee dishonesty, social engineering fraud, or loss triggers are defined — can materially affect how a claim responds. Marsh Risk Asia goes beyond placement to review, compare, and negotiate policy wordings so organisations can structure coverage that aligns with their specific crime exposures.

“AI is making fraud far more sophisticated and eroding long-standing controls between businesses and their banks and other counterparties. With these threats growing in frequency and severity, the financial fallout is an increasing concern for companies across every sector.”

Ali Chaudhry
Managing Director – FINPRO Leader, Marsh Risk Asia

“Malaysia’s recent scam losses show how fraud is evolving rapidly from opportunistic theft into organised, technology-enabled crime. For Malaysian businesses, this means prevention alone is no longer sufficient — commercial crime insurance and regular reviews of policy wording are critical parts of a resilient response that protects balance sheets and supports rapid recovery.”

Devakumaran Palnisamy
Managing Director and FINPRO Leader, Marsh Risk Malaysia

Seven practical steps to protect your business from deepfake fraud

Watch the video for a concise guide to building a holistic risk management strategy, which includes employee training and insurance reviews.

Why Marsh

We go beyond transactional broking to help organisations better understand, quantify, and manage evolving fraud and crime risks. Our Crime Risk Quantification Model helps assess exposure and potential financial impact, supporting decisions on risk transfer. With our team of brokers and former practising lawyers, wide market access, and experience placing complex commercial crime programs from US$10 million to US$400 million across Asia, Marsh helps organisations strengthen protection and navigate claims confidently.

Financial crime can happen when you least expect it

Get a complimentary crime exposure assessment to help determine appropriate insurance limits and protect your balance sheet.

FAQs

  1. What is the difference between commercial crime insurance and cyber insurance?

    Commercial crime insurance focuses on direct financial loss, such as funds stolen through fraud, social engineering, or payment diversion. Cyber insurance addresses losses arising from a cyber incident, including data breaches, network disruption, and related liability exposures.

    In practice, both play a role in a cybercrime incident. For example, a company in Asia suffered a US$2.5 million loss after hackers used phishing to compromise systems and alter payment details. The crime policy covered the stolen funds, while the cyber policy covered investigation and system recovery costs. Having both protections in place enabled the organisation to recover from both the financial and operational impacts of the cybercrime incident.

  2. What is the difference between fidelity insurance, money insurance, and commercial crime insurance?

    Fidelity insurance and money insurance are traditional policies that were designed to cover specific types of loss. Fidelity insurance typically covers employee dishonesty, while money insurance focuses on physical loss of cash, such as theft or robbery.

    Commercial crime insurance provides broader protection. It covers both internal and external crime, including fraud committed by employees, third-party fraud, and social engineering.

  3. Are social engineering and deepfake scams covered under commercial crime insurance?

    Coverage for social engineering and deepfake-related fraud under commercial crime insurance depends on how the policy is structured and the specific wording in place. Marsh works with organisations to review commercial crime insurance coverage, identify potential gaps, and structure policies that align with their exposure to modern fraud risks.

  4. How much commercial crime insurance cover does my organisation need?

    The appropriate level of commercial crime insurance depends on an organisation’s exposure to financial loss from fraud events, including the likelihood and potential financial impact of such events.

    Marsh’s Crime Risk Quantification Model provides a high-level view of an organisation’s crime and fraud exposure, based on key factors such as industry, revenue, and operational footprint. It helps organisations establish a starting point for considering appropriate limits. Marsh complements this with tailored risk analysis, supporting organisations in determining appropriate risk retention levels and the level of risk to transfer through commercial crime insurance.

  5. What controls do insurers look for when underwriting commercial crime insurance?

    Insurers assess the strength and effectiveness of an organisation’s internal controls when underwriting commercial crime insurance. This typically includes payment verification processes, segregation of duties, cybersecurity controls, employee awareness and training, and controls over third-party and vendor relationships. Strong controls can reduce exposure to fraud and support more favourable coverage terms.