Jump to content

Definition:Computer fraud coverage

From Insurer Brain

💻 Computer fraud coverage is a coverage provision — found in crime insurance policies, financial institution bonds, and some cyber insurance forms — that indemnifies the insured against direct financial loss resulting from the unauthorized use of a computer to fraudulently transfer, pay, or divert money or property. Within the insurance industry, this coverage has become a significant source of both protection and litigation, as the definition of what constitutes "computer fraud" has been tested repeatedly by courts, particularly in the United States, in cases involving social engineering, business email compromise, and fraudulent electronic funds transfers. The coverage traces its origins to fidelity and crime policies that predated the modern cyber market, and its scope varies considerably depending on policy language and jurisdiction.

🔍 The mechanics hinge on policy wording, and the distinction between "computer fraud" and related perils like funds transfer fraud or social engineering is often nuanced and heavily litigated. Traditional computer fraud coverage typically requires that the loss result directly from an unauthorized entry into, or manipulation of, the insured's computer system. This means that if an employee is tricked by a phishing email into voluntarily initiating a wire transfer — without the computer system itself being hacked — some courts have found the loss falls outside computer fraud coverage because the computer was merely the tool used, not the instrument of the fraud. The landmark U.S. case involving Medidata Solutions, decided by the Second Circuit, expanded the interpretation in one direction, while other circuits have taken a narrower view. Outside the United States, crime and fidelity policies sold in the London market and across Europe contain analogous provisions, though wording and judicial interpretation differ. Insurers have responded to the ambiguity by introducing explicit social engineering endorsements with separate sublimits, and some cyber policies now address computer fraud as part of a broader digital crime coverage suite.

⚠️ For underwriters and brokers, the lesson from computer fraud coverage is how quickly legacy policy language can collide with evolving threat landscapes. As cybercriminals refine their methods — from direct system intrusions to sophisticated impersonation schemes — the gap between what policyholders believe is covered and what the policy actually responds to can create E&O exposure for intermediaries and reputational risk for carriers. Claims professionals must parse technical forensic evidence alongside policy wording, often consulting both IT specialists and legal counsel. The evolving jurisprudence has pushed the market toward clearer, more modular policy structures where computer fraud, funds transfer fraud, and social engineering each occupy distinct insuring agreements with explicit triggers and limits. For any organization buying crime or cyber coverage today, understanding exactly where computer fraud coverage begins and ends is a critical part of the risk transfer conversation.

Related concepts:

Retrieved from "https://www.insurerbrain.com/w/index.php?title=Definition:Computer_fraud_coverage&oldid=19585"