If your finance team wires $75,000 to a fraudulent account because someone impersonated your CEO over email, which coverage responds — social engineering or cyber crime? The answer matters because not all policies include both, and some carriers set very different limits for each.
Here's how to tell them apart.
Cyber crime coverage — sometimes called fund transfer fraud — covers theft of money from your accounts that results from a failure in your computer security. Think: a hacker obtains your banking credentials and initiates a wire transfer without anyone at your company being deceived.
A hacker compromises your CFO's email account and uses the access to log into your online banking. They initiate a $50,000 wire to an account they control. No one at your company was tricked — the hacker simply had the credentials.
Social engineering coverage handles a different attack vector: deception. A criminal impersonates someone — your CEO, a vendor, a banker — and tricks an employee into voluntarily transferring funds or changing payment information. The security systems weren't breached. A person was manipulated.
Your bookkeeper receives an email appearing to be from the CEO asking for an urgent wire transfer to complete an acquisition. The email is fraudulent but looks legitimate. The bookkeeper sends $75,000. This is social engineering — business email compromise.
Business email compromise — the social engineering attack — is now one of the most common and costly cyber claims. Tech companies are frequent targets because they tend to move fast, have less formal approval processes, and often handle significant amounts in client funds.
Some carriers in our standard comparison don't offer cyber crime or social engineering coverage at all. Cowbell, for example, shows no crime coverage. If you handle any financial transactions, this gap matters.
There's a third related coverage worth knowing: invoice manipulation. This covers situations where a fraudulent invoice or fraudulent payment instruction is sent to a third party — for example, a criminal intercepts a legitimate invoice you sent to a client and substitutes their own banking details. The client pays the wrong account. Your receivables are stolen.
Coverage limits for these three crime coverages vary significantly across carriers — from no coverage at all to $1M limits. When comparing cyber policies, look specifically at the crime coverage section, not just the headline coverage limit.
CoverCompete™ breaks out every coverage row including social engineering, cyber crime, and invoice manipulation. Free comparison. No obligation. Most eligible businesses receive results within one business day.
Get your free comparison →