Business cover · Cyber

Cyber-Crime & Fraud Cover: Why a Standard Cyber Policy May Not Pay

Phishing and fraudulent transfers are among the most common ways Indian businesses lose money online — and one of the most common reasons a cyber claim is denied. Here's the gap, explained.

Being hacked and being tricked are not the same loss — and they're often not the same cover.

The difference between a hack and a con sounds academic — until you claim. Here's which policy responds to which loss.

The short version

  • Being hacked and being tricked are different losses — and often different cover.
  • Standard cyber liability responds to breaches; fraud where someone was deceived into paying is frequently a separate add-on or sub-limited.
  • This is not the same as commercial crime insurance, which covers employee theft and embezzlement.
  • In the UPI era, the fraud gap is exactly where small businesses get hurt.

Cyber-crime vs cyber-liability

Cyber liability cover responds when your systems are breached; cyber-crime or fraud cover responds when money is taken through deception.

Many standard cyber policies cover the first and quietly exclude or sub-limit the second — which is why the distinction matters the day you claim.

The phishing and funds-transfer gap

If an attacker breaks in, a cyber policy responds; if your team is tricked into wiring a payment, some policies won't pay, because nothing was technically “breached.”

Others cover it, but under a separate social-engineering or funds-transfer sub-limit that's usually far smaller than the headline cover. Since phishing and business-email fraud are among the most claimed losses, this is the single most important thing to confirm in writing.

How this differs from commercial crime insurance

Commercial crime cover deals with traditional financial crime — employee theft, embezzlement, forgery; cyber-crime cover deals with digitally engineered fraud from outside.

A business with real exposure to both may need both. If your concern is internal theft, that sits under commercial crime insurance.

Which policy responds to which incident

A quick guide — always confirm against the policy wording.

Which cover responds to which loss
IncidentCyber liabilityCyber-crime add-onCommercial crime
Systems hacked, data breached
Ransomware locks your systems
Staff tricked into wiring funds (BEC)sometimes / sub-limitsometimes
Phishing leads to a fraudulent paymentsometimes / sub-limit
Employee steals money or data

What to check

Before you buy, confirm three things in the wording: is social-engineering / funds-transfer fraud covered at all; what is the sub-limit; and what conditions apply.

Conditions like callback verification and reporting deadlines decide whether a valid claim is paid. The broader criteria are in how to choose cyber insurance.

Frequently asked questions

Does cyber insurance cover phishing or a fraudulent transfer?

Not automatically. It's often a separate add-on or carries a much lower sub-limit than the main cover. Confirm it in writing.

What is cyber-crime insurance?

Cover for money lost through digital deception — phishing, business-email compromise, fraudulent fund transfers — as distinct from breach and hacking cover.

Is cyber-crime insurance the same as commercial crime cover?

No. Commercial crime covers employee theft and embezzlement; cyber-crime covers externally engineered digital fraud. See commercial crime insurance.

Does it cover UPI or online banking fraud?

Some cyber-crime cover responds to certain UPI and online fraud scenarios, subject to conditions like timely reporting. It varies by policy — check the wording.

What happens when you talk to us

A 20-minute video call with a Growth Advisor — no obligation, and no quote pushed. It opens with a five-minute video from our founder on how the benefits stack works and why Ethika exists; the rest is your questions. You'll leave with an honest read on your current cover and claims experience, and a straight answer on whether we can genuinely help — even if you never become a client.

Talk to us

20 minutes with a Growth Advisor. No obligation.

A note on this page. Everything here is general information, not insurance, legal, financial or tax advice, and nothing is an offer. For advice about your situation, talk to us.