In principle, you still now need two separate insurance policies to obtain full cover against various forms of crime and the associated risks. First of all, there is traditional fraud insurance, which has been available for many years now but has recently drastically declined in popularity among insurance providers. The policy covers all direct financial losses, which you may suffer as a result of internal or external fraud, and can be extended to provide cover for research and reinstatement costs, amongst other things. In addition, cyber insurance has been available for a few years, which protects both you and third parties in the event of cyber incidents. This policy covers not only any damages resulting from human errors or intentional violations, but also insures you against cyber accidents (such as a member of staff accidentally causing a data leak).
Fraud insurance and cyber policy overlap in some respects. So, cyber extortion and fraudulent digital invoices can be covered under both policies and you may choose under which policy to submit a claim. However, it is not always that straightforward to determine which offence falls under which policy. Take, for example, CEO fraud, in which criminals present themselves via e-mail as the CEO or a senior manager within a company in order to extract sums of money from unwary employees. Although these attacks are carried out via e-mail, in other words digitally, they usually fall under traditional fraud insurance (and the cover is, in the case of many insurers, subject to certain conditions). What is important in this is to look at the consequences of the offence. If it has direct financial consequences only for your company, then it generally falls under a traditional fraud policy. If the actions have an impact on your data, networks or systems and you or a third party suffer a financial loss as a result, then you can assume that you are better off calling upon your cyber insurer.
Currently, however, there are unfortunately few if any combined solutions that protect you against both risks. The parties, which do so, apply specific sub-limits for this, which means that it’s not really an ideal solution that is on offer. We therefore recommend that you take out both a cyber policy and a crime policy. In this way, you are fully covered against the actual risks, which both cyber and crime currently present.