Skip to main content

Article

Commercial crime insurance-pricing and claims insights

In today’s rapidly evolving business landscapes, there are several factors driving the surge in fraudulent acts. Majorly, the impact is due to growing technology, financial pressure, numerous data breaches and easy access to generative AI resulting in direct financial losses.

Introduction

With today’s rapidly evolving business landscape, there are several factors driving the surge in fraudulent acts as elucidated in Figure 3 below. The impact is due in large part to growing technology, financial pressure, numerous data breaches, and easy access to generative AI, resulting in direct financial losses. 

According to 2024 Global Financial Crime Report by NASDAQ and Verafin (https://www.nasdaq.com/global-financial-crime-report), in 2023, entities across the  globe suffered losses to the tune of US$485.6 billion  as a result of various fraudulent activities, exposing deficiencies in the fraud prevention measures of companies.   

Of the total crime claims notified by Marsh India clients in 2022-23, 56% of fraudulent acts were based in India followed by 19% in the US, 4% in the UK and remaining 21% across other countries. (Figure 1) (Based on Marsh India crime claims data: January 2022- December 2023)

This report aims to provide an in-depth analysis of crime claims and pricing trends of crime insurance, along with details of solutions that Marsh offers.

Crime insurance: A brief overview

Commercial crime insurance provides cover for direct financial losses and third-party losses (subject to policy terms and conditions) arising from business-related frauds,such as theft, forgery, robbery, and electronic crime,. orchestrated by or involving employees or third parties or in collusion by employees and third parties.

Owing to the increasing use of technologies, crime policies have also evolved to include cover for acts like computer fraud (Computer fraud is use of insured’s system to cause a financial loss to the insured, perpetrated by a third party. Common examples are using the insured’s system to carry out transactions such as making bookings, initiating refunds, manipulating order details etc.)s, social engineering/fake president frauds, fund transfer frauds, third-party crime, and so on.

Claims trends: An industry agnostic risk

While earlier mostly financial institutions were prone to such risks owing to the nature of their business, in recent years we have witnessed a significant surge in the frauds suffered by our clients in the technology (Tech), manufacturing, business process outsourcing (BPO), and e-commerce spaces. Marsh India witnessed a steep rise in the notifications under crime policies with the period 2022-23 seeing a 130% rise in number of notifications as compared to the period 2021-22. We noted that our clients suffered losses over US$17 Million in 2022-23, which was a two-fold increase from the year before.

Evolving nature of crimes

Fraudulent activities have become complex and intricate making it harder for companies to prevent them, despite having taken preventative steps. Social engineering frauds such as CEO frauds, and fund transfer frauds have also increased exponentially. These includes frauds where an external perpetrator impersonates a member of senior management and induces employees into making fraudulent fund transfers. Vendor fraud is also on a rise; this is where the perpetrator takes control of the email domain and requests change of bank account details, pretending to be the insured’s vendor. Such frauds have led to our clients losing on average US$533,000s. Physical theft still continues to be the largest cause of loss, with our clients suffering losses between US$50,000 and US$1.7 Million. This highlights the increasing susceptibility of security systems to such frauds (Figure 2). For example, one of our Tech client which extends site support and managed services of their customers saw large losses owing to computer frauds, with losses ranging between US$500,000 to US$1.3 Million.

Who is the perpetrator and which party suffers the most?

While over 59% of crimes were committed by an external perpetrator (Figure 4), the risk of occupational fraud, which are committed by employees, continues to remain of significant concern. According to Association of Certified Fraud Examiners’ (ACFE) Occupational Fraud: A Report to  the Nations 2024, over 54% of occupational frauds reported across the globe were committed by two or more perpetrators acting in collusion leading to companies reporting a median loss of US$329,000 (https://www.acfe.com/-/media/files/acfe/pdfs/rttn/2024/2024-report-to-the-nations.pdf).

Besides first party losses, fraudulent activities also led to our clients suffering huge third party losses (Loss suffered by a person or entity other the insured) (figure 5). While the intent of a crime policy is to cover direct financial loss, this policy would also extend cover to third party losses involving the fraudulent act of an employee, where agreed by the insurer. In recent times we have seen change in type of claims, such as increase in third party losses vis a vis first party loss. However, we also found insurers applying allocations on grounds of negligence by insured’s clients who are suffering losses, breach of Standard Operating Procedures and deviation from disclosures made in insurance proposal forms.

Crime insurance pricing trends for Communications, Media, and Technology (CMT) companies

In the realm of crime insurance, there has been an overall increase of 7.57%, a notable decrease from the previous year's 43.8% surge. Insurers in this sector are increasingly cautious about cyber-crime-related risks and overlapping coverage, leading to restrictions on capacities and coverage options. While some insurers continue to participate in policy renewals, they are becoming skeptical about deploying capacities for new proposals, and some have even ceased underwriting crime policies altogether. Notably, some large companies (with revenue greater than US$1 billion) that are involved in M&A activities have seen a significant 60% increase in deductibles, reflecting insurers' concerns regarding rising crime claims during transition periods.

 

Policy

ROL 2021-22 (Primary and Excess) 

ROL 2022-23 (Primary and Excess)

Change in Average ROL (%)

Crime

3,2241

3,4892

7.573

1 The outcomes and observations are basis the calculation of the primary and excess Rate On-Line (ROL) which is the premium charged for a policy limit of US $1 million. For our observations, we filtered these by revenue sizes categorized as large (>US $1bn), mid-size (US $200mn to US $1bn) and small (<US $200mn) and the number of claims per policy, client or revenue segment. The data used to arrive at these outcomes and observations are our internal data collected from clients across India.

2 The outcomes and observations are basis the calculation of the primary and excess Rate On-Line (ROL) which is the premium charged for a policy limit of US $1 million. For our observations, we filtered these by revenue sizes categorized as large (>US $1bn), mid-size (US $200mn to US $1bn) and small (<US $200mn) and the number of claims per policy, client or revenue segment. The data used to arrive at these outcomes and observations are our internal data collected from clients across India.

3 The outcomes and observations are basis the calculation of the primary and excess Rate On-Line (ROL) which is the premium charged for a policy limit of US $1 million. For our observations, we filtered these by revenue sizes categorized as large (>US $1bn), mid-size (US $200mn to US $1bn) and small (<US $200mn) and the number of claims per policy, client or revenue segment. The data used to arrive at these outcomes and observations are our internal data collected from clients across India * expressed as USD per US $1 million.

Conclusion

We have witnessed large crime losses breaching policy limits in the past years. These large losses have led to insurers exercising great caution in participating on new crime programs; restricting their exposures on new placements; and limiting their exposures on old renewals by putting limited discovery/retroactive date clauses, overcoming the discovery-based nature of crime policies. Our clients were subjected to large losses arising from complex fraudulent activities, orchestrated through cyber systems. This growing trend of using technological devices to carry out sophisticated fraud has led to insurers adding aggregation clauses to policies, to limit any overlap between cyber and crime policies. Insurers are adopting wordings like the verification clause, which limits cover to only when insured has made efforts to verify the change in the bank account details before processing the payment. While these clauses are added by insurers, we have seen a mismatch between the internal standard operating procedures (SOPs) and insurance policy requirements, especially with regard to these mandated verifications.

Additionally, insurers have been consistently trying to tighten strings around their crime policy exposures, leading them to rely stringently on disclosures made by insureds in their proposal forms, relating to adherence to SOPs, periodic audits, and verification processes. Insureds must ensure that the disclosures made by them in the proposal forms are accurate and are being followed with sincerity, as any false or misleading information can lead to a claim being repudiated.