Latest News

Report: Policyholders may be exposed to rising phishing losses

Written on Aug 12, 2022

Phishing scams continue to be a significant exposure for companies, with a surge in attacks over the past three years, but insurance coverage for the exposure is often capped by policy provisions. 

Policyholders seeking coverage for phishing-related losses will find it available primarily in cyber liability or crime policies, but it is usually subject to sublimits, experts say. 

Policyholders should examine other policies for additional opportunities to obtain coverage for phishing losses, they say. 

A report issued by the FBI in May said sophisticated scams that target businesses and the individuals who handle transfer-of funds requests increased 65% between July 2019 and December 2021. 

Phishing coverage falls into a gap between cyber liability insurance, which typically responds to breaches, and crime policies, which cover money stolen from companies, and one of the ways insurers try to bridge the gap is with social engineering endorsements or coverages. 

The attacks also raise other issues that can cause coverage disputes. 

“Phishing attacks are kind of a gateway, because it can cause many types of cyber losses and claims,” including data breaches, forensic costs, recovery notification costs, reputational loss, ransomware and regulatory claims, Gamelah Palagonia, executive vice president, cyber development, and regulatory leader with Willis Towers Watson, said in a statement. “The question is, what does phishing lead to and what happens next. There’s a lot of nuance in the coverage, and not all insurers respond uniformly to the same situation.” 

Some experts say the availability of phishing coverage is declining.  

The decrease reflects the overall tightening in the market over the past two years.