As Q2 of 2026 gets underway, cyber insurance trends are already pointing in a new direction, with cyber-enabled fraud surpassing ransomware as the risk causing the biggest concern for C-suite executives. This shift accentuates the reality that fraud losses continue to balloon and that many policyholders are surprised that these losses are often covered only in part, or not at all, under many cyber insurance policies. Yet, with proactive work leading into renewal, policyholders can craft a comprehensive insurance program to cover these risks.
According to the World Economic Forum’s Global Cybersecurity Outlook 2026 report, a recent survey of C-suite executives found that fraud and phishing have now overtaken ransomware as the top cyber risks worrying CEOs, especially in organizations with less developed cybersecurity resilience. This represents a noticeable shift from 2025, when ransomware was the top cyber risk concerning CEOs. The report highlights that 73% of survey respondents experienced cyber-enabled fraud directly, or knew someone—personally or professionally—who was affected by it in 2025. Interestingly, while CEOs are most concerned about fraud, the report shows that Chief Information Security Officers (CISOs) continue to view ransomware as their primary cyber risk concern. With fraud now at the forefront for CEOs, policyholders should take this opportunity to strengthen their defenses against cyber incidents and review their insurance coverage to ensure they are adequately protected against cyber-enabled fraud claims.
Cyber-enabled fraud is often perpetrated by social engineering techniques like business email compromise (BEC), a type of cyber incident that is often used together with funds transfer fraud (FTF), where a cybercriminal compromises a business email to misdirect company funds. Cybercriminals often achieve their goal of misdirecting company funds to fraudulent accounts by using a variety of tactics. Those tactics include producing phony invoices while impersonating a company’s actual vendors; impersonating company executives by spoofing or creating an email address similar to an executive’s; impersonating attorneys and demanding wire transfers; and launching a BEC attack that uses a legitimate employee’s stolen email credentials (or a near-name/spoofed email address) to request invoice, EFT, or credit card payments from customers.
According to the Federal Bureau of Investigation, BEC attacks have resulted in more than $17 billion in reported losses in the United States in recent years. The frequency and sophistication of these attacks continue to rise, impacting organizations of all sizes and sectors and driving a significant share of cyber insurance claims.
To add another layer of uncertainty to this rapidly evolving risk, the mass deployment and implementation of artificial intelligence among companies of all sizes creates the possibility that cyber-enabled fraud attacks will become more frequent as AI continues to develop. Given that AI is already capable of generating deepfakes and eerily realistic websites, and of engaging in hyper-personalized social engineering and phishing, the rate at which cyberattacks are deployed is likely to increase.
To maximize insurance coverage for cyber-related fraud losses, policyholders should consider the following:
- Cyber-Enabled Fraud Losses Present Unique Coverage Challenges. Unlike ransomware, which cyber insurance policies typically cover, many standard cyber policies exclude coverage for social engineering losses and fraudulent transfers. Rather, many cyber insurance underwriters look to crime insurance to pick up these types of losses. Yet, even under standard crime insurance policies, fraudulent transfers and business email compromises due to social engineering may be excluded unless endorsements are purchased adding the coverage back in, oftentimes subject to various conditions. For example, some policies require that the policyholder’s employees confirm changes in banking details via a separate confirmatory call or email. Failure to comply with that condition may jeopardize coverage. Further, as with all insurance policies, wording matters. Terms like “computer fraud,” “funds transfer fraud,” or “fraudulent instruction” can create confusion concerning which option insures against a request to transfer funds that an employee received from a spoofed executive email. Policyholders should carefully scrutinize the various insuring agreements under both their cyber insurance policies and crime insurance policies to ensure there are no gaps in coverage for these common risks.
- Cyber Policies Often Have Policy Limits That May Be Insufficient to Cover Cyber-Enabled Fraud Losses. Where coverage for losses stemming from cyber-enabled fraud does exist in cyber policies, it is often subject to sublimits that are much lower than the overall policy limits (often $250,000 in total coverage or less). Additionally, cyber policies may include retentions that are much larger than the applicable sublimits. For example, a policy may have a $100,000 sublimit for fraudulent transfers but a $1 million self-insured retention. In this scenario, the policyholder must incur $1 million in covered loss before obtaining up to $100,000 in coverage for the fraudulent transfer. These low sublimits and high retentions exist because cyber insurers often look to a policyholder’s crime insurer or other insurer to cover social engineering losses.
- Build Sufficient Limits Under Your Crime Insurance Program. If your company frequently makes large wire transfers or other payments to vendors or other parties, carefully consider what limits you must purchase to sufficiently insure common transfers at risk of social engineering schemes. For example, construction and real estate companies may make regular transfers in the several millions of dollars. Yet, even under crime insurance policies, coverage for these social engineering schemes and fraudulent transfers is often capped at a sublimit of $250,000 or less (although commonly subject to much lower self-insured retentions than coverage offered under cyber insurance policies). Fortunately, policyholders can purchase excess crime insurance coverage that will “drop down” to provide excess coverage over these sublimits. Policyholders can work with skilled brokers to then build a comprehensive crime insurance tower that may provide several million dollars of coverage for these risks.
- Securing Coverage for Cyber-Enabled Fraud Losses Requires a Comprehensive Strategy. Policyholders should also ensure their risk management strategies are regularly updated and address the latest cyber insurance and fraud trends. Employees should receive ongoing training to recognize signs of fraud and social engineering, as proactive awareness can prevent losses before they materialize.
Further, a company’s verification and other cybersecurity and fraud control measures are important because insurers often condition coverage for losses stemming from cyber-enabled fraud on the policyholder maintaining and using specific verification methods before transferring funds. In addition, both cyber and crime insurers scrutinize cyber controls and proactive readiness in the underwriting and renewal process. To build out a comprehensive insurance program to address these risks, policyholders will need to demonstrate they have comprehensive controls in place.
Policyholders should identify the specific procedures mandated by the policy or represented to the insurer during the application process, and confirm those requirements are being followed. Ideally, this will not only avoid forfeiting coverage (based on a misrepresentation in the insurance application about various policies or controls) but may prevent the loss in the first instance. Cyber insurance applications are very detailed, and when completing applications, all key members of a company’s IT team, legal team, and business team should be involved to ensure that responses to application questions are accurate and complete. Experienced coverage counsel and skilled insurance brokers should assist policyholders in creating robust insurance programs to address all cyber risks, responding to cyber insurance application questions, and submitting cyber insurance claims.
As cyber-enabled fraud takes center stage, policyholders should verify whether their current insurance coverage is adequate for cyber fraud losses, identify any sublimits and retentions that could limit recovery, and coordinate cyber and crime policies so there are no gaps in coverage for a loss. Alongside these steps, training, well-practiced cyber incident response plans, investment in cyber controls, and requiring out-of-band verification for billing changes remain key steps to stop fraudulent schemes in their tracks. Pairing those controls with a well-negotiated insurance renewal strategy allows policyholders to manage a risk that is growing in both frequency and sophistication.