Newsletters
Risk Central
Digital EditionSmarter Criminals, Bigger Threats: Why Crime Insurance Is Becoming Essential for Businesses
Commercial crime has come a long way from the days when a masked bandit with a crowbar could pry open a warehouse window and make off with the goods. Nowadays, criminals often rely on remote technology that uses trickery and back-door channels to crack the corporate vault.
“The bank robberies of our great-grandparents are being replaced by AI-generated deepfake frauds,” said Jim Kardaras, senior director, crime and fidelity, management liability and specialty lines at Nationwide.
Some of the criminals’ successes could be movie scripts. Last year, a Hong Kong multinational transferred $25 million to a fraudster who set up a video call that featured deepfakes of the company’s top management. Earlier this year, a Dubai-based cryptocurrency exchange lost around $1.5 billion in virtual assets to hackers that exploited a routine transfer of funds and converted the stolen funds to other currencies.
The impact of high-tech crime isn’t limited to large operations hit by billiondollar fraudsters and creators of C-suite holograms; it also hits smaller businesses as many big companies shore up their defenses. And, technology gives new weaponry to thieves targeting traditional exposures such as cargo in transit.
Crime and Tech
Cybercrime has not entriely displaced traditional criminal activity. Insider theft by employees remains a big exposure as well, and the telephone often operates as efficiently as the internet to facilitate fraudulent transfers.
But there is no doubt that technology has opened up new opportunities for thieves who prefer to operate online and in the shadows.
“The advancement of AI technology has dramatically shifted the playing field in favor of cybercriminals,” said Alex Doerflein, executive underwriter with AmTrustCyber, a unit of AmTrust Financial Services.
“Any business that has a bank account and relies on their employees to conduct transactions” could be targeted by sophisticated social engineering scams, he said.
“AI is being used to write some very crafty emails,” said Kyle Lutterman, vice president and head of cyber risk engineering at Arch Insurance.
“In terms of AI, this is an easy win for them,” he added, and organizations need rigorous awareness training to spot fake correspondence that could lead to fraud. Cybercrime losses go beyond the theft of goods and money, sources point out. A report by Palo Alto Networks Inc. revealed that 86% of successful cyberattacks last year led to significant business interruptions.
That’s a “staggering” number that “marks a strategic change from the traditional focus on data theft to tactics that disrupt operations, ultimately harming continuity and reputation,” said Ann Barry, Palo Alto’s senior director of risk management.
The good news is the report indicated that the length of time attackers go undetected fell to just seven days last year, down from 26.5 days in 2021. “This clearly indicates that investing in top-notch monitoring systems and skilled cybersecurity professionals is good risk management,” Barry said.
Alex Maza, D&O product leader with Risk Strategies, said that while the financial services sector has been a traditional target of cybercriminals, losses are climbing across other sectors. That, and the increased targeting of mid-sized and smaller operations, has highlighted the need for coverage.
“Crime insurance is widely available,” said Kardaras. “But certain areas or types of crimes can present challenges for finding adequate coverage, particularly when it comes to high-risk locations or sophisticated cybercrime.” “The demand for crime insurance is not abating in any way,” Maza said.
“Large companies were the prevalent buyers of crime insurance for a long time,” he added. “Smaller companies didn’t feel they needed it, didn’t understand the exposures, felt they had the proper controls in place and could avert any crime loss that would be material.”
But once the criminals began to aim at smaller targets, that was quickly found to be wishful thinking, according to Scott Taylor, director at Risk Strategies. Many businesses weren’t prepared with controls such as segregation of duties so that no one person has broad authority to disburse funds or handle payrolls, he said.
The frequency of ransomware claims has declined, but the amounts demanded to free up systems have risen, according to Rich Gatz, vice president and head of cyber claims at Arch Insurance.
“A lot of that has to do with the aggressiveness of the threat actors who are less likely to negotiate payments,” he said. “They’re not getting as much money so they are being more aggressive.”
Other Crimes
Insurers are also responding to the increasing threats of violence against U.S. companies with coverage that responds to physical damage caused by these activities.
Much of the demand comes from hotel operators in tourist destinations, but others around the region who are at risk of criminal violence are interested, too.
Meanwhile, insider threats such as employee theft are on the rise, “making it crucial for risk managers to regularly evaluate their cyber resilience and adjust their insurance coverage and limits to match their risk levels,” Barry said.
Not only is money being misdirected by criminals, but goods are also being stolen by cyber fraudsters, a type of theft that is increasing, said Kevin Guillet, managing director and crime product leader at Marsh.
Criminals who claim on the phone or by email to be customers with updated delivery instructions are responsible for much of the theft, Guillet said. “In the early days of fraudulent impersonation, it was all about funds on deposit. We are now seeing more and more claims that involve shipments of products.”
Much of the stolen merchandise shows up in online marketplaces, where customers don’t question its provenance.
Theft of cargo on the road remains a big problem for U.S. and Canadian companies, according to an analysis by Verisk CargoNet that showed a 27% spike in 2024 from the previous year. The estimated average value per theft reached $202,364, up from $187,895.
Most of the burglaries were trailer break-ins or theft of entire trailers rather than theft-by-deception schemes, the report revealed.
Even so, fraudsters using fake bills of lading or other documents have caused some big losses, according to Jarek Klimczak, chief risk casualty officer, specialty at AXA XL.
One shipper was fooled by fake papers used 10 times to order shipments that disappeared when the receiver vanished without paying, he said. Insurance written by AXA XL covers fraudulent theft of goods provided they are unable to be recovered, Klimczak said.
“Our clauses do not specify whether paper or digital documents” are used in the fraud, he explained, but if it is determined that the crime grew out of a cyber hack, coverage does not apply.” &
