This article was written with the assistance of AI and edited by Angela Sabarese.
In a recent CLM webinar, titled, “Civil Recoveries: A New Necessity for Large Wire Fraud Losses,” a panel of experts warned that cybercrime losses have exploded from $4.2 billion in 2020 to $16.6 billion in 2024, with business email compromise accounting for $2.7 billion of reported losses. The panel—featuring Mark Lefkow, Copeland, Stair, Valz & Lovell, LLP; Brady Cohen, EPIC; Li Fan Hsu, Gallagher Bassett; and David Cole, Freeman Mathis & Gary, LLP—addressed insurance coverage issues, legal liability, and recovery strategies for these increasingly sophisticated crimes.
Complexities of Cyber Coverage
Cohen emphasized the complexity of cyber insurance coverage, noting, “I frequently say as it pertains to a cyber policy, if you know one cyber policy, you know one cyber policy. There [is] no uniform policy form across the board.” He explained that coverage for wire transfer fraud typically falls under either cyber liability or commercial crime policies, with sub-limits often capped at $500,000. The panelists stressed the importance of coordinating coverage between these policy types to maximize protection.
Hsu highlighted that “wire fraud is very common. It is the second most common cyber claim that we see. My team gets wire fraud cases [daily].” She identified three critical coverage issues: failure to verify payment instructions, late reporting to insurers, and situations involving money the insured handles but does not own.
The Legal Perspective
Cole outlined the legal framework courts use to allocate liability, explaining that “the party in the best position to prevent the fraud by exercising reasonable care must bear the loss of the fraud.” Courts typically place responsibility on parties who fail to verify wire instructions before transferring funds.
Perhaps most surprisingly, Lefkow revealed that recovery is often possible even months after the fraud occurs, as he has found money remaining in accounts due to “banking incompetence, criminal organizational incompetence, or the FBI's incompetence” in over half his cases, successfully recovering substantial sums through federal litigation.