Industry handbook

Your cyber insurance probably doesn't cover BEC. Here's how to read the policy.

By the QATCH.ai team · May 21, 2026 · 14 min read

You paid your cyber insurance renewal last quarter. The annual premium was somewhere between $4,000 and $40,000 depending on the size of your title firm. The policy says "Cyber Liability" on the cover page. There is a section labeled "Cyber Crime" or "Funds Transfer Fraud." You filed the renewal, mailed the certificate to your bonding company, and moved on.

Then a $487,000 closing wire goes to a scammer. You file the claim. Six months later, the denial letter arrives. The carrier cites a clause you've never read, in a section of the policy you didn't know existed, and refers to a definition of "social engineering" that you had no idea applied to your situation.

This is the most common single-event financial loss in the title industry in 2026. It is also one of the most preventable — if you read your policy before the loss happens.

This handbook is a walkthrough of what to look for, what to push back on at renewal, what to negotiate before the next 12-month term begins, and what to do if the loss does happen and the denial letter arrives. It is written from the perspective of QATCH.ai — we build the verification + insurance stack that complements your cyber policy by covering the BEC gap directly. We are not in the cyber insurance business; we are in the "your cyber policy probably doesn't pay" business.

The current state of cyber insurance & BEC in 2026

The cyber insurance market has gone through three distinct phases over the past decade. Understanding which phase your policy is from is the first step.

Phase 1 (2014-2019): Broad coverage, low premiums. Insurers had not yet absorbed the actual loss data; BEC was covered as part of general cyber crime in most policies, with limits matching the broader policy.

Phase 2 (2020-2023): The reckoning. As BEC and ransomware loss data rolled in, carriers realized cyber crime was structurally unprofitable at the rates they were charging. The first wave of changes hit: premiums tripled, exclusions sharpened, sub-limits arrived. By the end of 2023, most policies had a separate social engineering sub-limit of $100,000-$250,000 even when the overall policy limit was $5M+.

Phase 3 (2024-2026): The exit. Several carriers are quietly exiting BEC entirely, either by tightening the social engineering exclusion to apply to virtually any wire-fraud loss, or by requiring callback verification controls that almost no SMB title company actually has in place. Coalition Insurance, Beazley, and several Lloyd's syndicates have publicly noted that BEC has become "non-economic" at the primary level.

What this means for your policy: if your policy was issued or renewed in 2024-2026, you almost certainly have either a social engineering exclusion, a sub-limit, or both. The exact wording varies by carrier, and the wording is what determines whether your claim gets paid.

The four clauses that determine whether you're covered

Pull out your policy right now. Use the table of contents or the index to find the following four clauses. If you can't find them all, your broker should walk you through where they live in your specific carrier's template. (If your broker can't do this in one call, you may want a different broker.)

Clause 1: The Cyber Crime / Funds Transfer Fraud insuring agreement

This is the part of the policy that says what is covered. Look for headers like:

  • "Cyber Crime"
  • "Funds Transfer Fraud"
  • "Computer Fraud"
  • "Wire Transfer Fraud"
  • "Social Engineering Fraud" (sometimes a named sub-coverage)
  • "Fraudulent Instruction" (the most common carrier-side label for BEC)

The insuring agreement should say something like: "The Insurer will pay the Insured for direct financial loss resulting from a Fraudulent Instruction." Then there will be a definition of "Fraudulent Instruction" — usually requiring that the instruction (a) appeared to come from a person authorized to instruct the wire, (b) was transmitted via a means that the Insured's controls recognize, and (c) caused the Insured to transfer funds to a fraudulent recipient.

Watch for: the definition of "authorized person" usually excludes your customers (e.g., the buyer at a closing). Many BEC attacks succeed because the buyer wires the money to the scammer, not because you do — and that buyer-side loss is rarely covered by your firm's cyber policy.

Clause 2: The Schedule of Limits

Once you've found the coverage, find the limit. Most policies have a separate page (often near the front of the policy or in a declarations schedule) that lists each coverage and its specific limit. Look for a line that reads something like:

Cyber Crime — Sub-limit:                  $250,000 per claim
  Of which: Funds Transfer Fraud         $250,000
  Of which: Social Engineering Fraud     $100,000
  Of which: Telecommunications Fraud     $100,000

Watch for: the sub-limit on Social Engineering Fraud is almost always lower than the sub-limit on Funds Transfer Fraud generally. In many policies, the carrier's position is that BEC is Social Engineering, not generic Funds Transfer Fraud — which means the $100,000 limit applies, not the $250,000. This is the single most common dispute in BEC claims.

Math check: if your average closing wire is $400,000+ and your social-engineering sub-limit is $100,000, you are self-insuring at least 75% of every BEC loss before you even read the rest of the policy.

Clause 3: The Social Engineering Exclusion

This is where most claims actually die. Look in the Exclusions section of the policy for something like:

"This insurance does not apply to any Loss arising directly or indirectly from any actual or alleged fraudulent, dishonest, or criminal acts, errors, or omissions of the Insured or any person or entity acting in concert with the Insured, or to which the Insured was a knowing party. For the avoidance of doubt, this includes any loss resulting from an Authorized Person acting on a Fraudulent Instruction, regardless of whether the Insured was aware of the fraudulent nature of the instruction at the time of acting."

This is the carrier's nuclear option. The clause says, in effect: "If your employee voluntarily wired the money — even if they were tricked into doing so — the loss is not covered, regardless of what other clauses appear to provide." Many carriers use this exclusion to deny BEC claims even when the policy has a named Funds Transfer Fraud sub-coverage.

The litigation history: over the past five years, the courts have been split on whether this exclusion is enforceable when the policy explicitly grants BEC coverage. The trend in 2024-2026 has been carrier-favorable — courts are increasingly upholding the exclusion as written, with the reasoning that the named sub-coverage is for "Computer Fraud" (i.e., the hacker breaks in and transfers the money themselves) rather than "Social Engineering" (i.e., your employee gets tricked into doing it).

What to do at renewal: ask your broker explicitly to negotiate removing the social engineering exclusion in favor of a named Social Engineering sub-coverage with a real limit. Some carriers will do this for a premium increase; others will refuse. If your carrier refuses, the message is clear: they do not actually intend to pay BEC claims under this policy.

Clause 4: The Conditions Precedent

The conditions precedent are the actions you must have taken before the loss for coverage to apply. Almost every modern cyber policy includes:

  • Documented dual-control — wires above a stated threshold must be approved by two authorized people before release
  • Documented callback verification — the recipient must be called at a phone number on file (not provided in the email) before the wire is released
  • Documented written procedures — your firm must have a written wire-verification policy and provide it on demand
  • Documented training — your staff must have received specific BEC awareness training within the past 12 months
  • Multi-factor authentication — must be enabled on all email accounts that touch wire instructions

Why this matters: if you suffer a BEC loss and the carrier's investigator finds that any one of these conditions was not met, the policy gives the carrier the right to deny the claim. The denial rate on BEC claims has risen to approximately 37% as of 2024-2026, and the leading cause of denial is failure to meet a condition precedent.
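One way to turn the five conditions precedent listed above into a per-wire check, added here as an illustration (it is not QATCH's or any carrier's code). The record layout, the $10,000 dual-control threshold, and the rule that the on-file number must have been recorded before the instruction arrived are assumptions; take the real values from your own policy.

```python
from dataclasses import dataclass
from datetime import date, timedelta

DUAL_CONTROL_THRESHOLD = 10_000  # assumed value; use the threshold in your policy
@dataclass
class WireRecord:  # hypothetical record layout, one per released wire
    amount: int
    wire_date: date
    instruction_received: date  # when the wire-instruction email arrived
    approvers: list             # staff IDs that approved release
    dialed_number: str          # number actually called back ("" if no call)
    number_on_file: str
    number_recorded: date       # when the on-file number was captured
    policy_doc: str             # written wire-verification procedure in force
    training: dict              # staff ID -> date of last BEC training
    mailbox_mfa: dict           # mailbox touching wire instructions -> MFA on?

def _digits(number):
    return "".join(ch for ch in number if ch.isdigit())

def unmet_conditions(w):
    """Return the conditions precedent this wire record cannot evidence."""
    failed = []
    if w.amount >= DUAL_CONTROL_THRESHOLD and len(set(w.approvers)) < 2:
        failed.append("dual-control")
    # Callback counts only if the dialed number matches a record older than the email.
    if (not _digits(w.dialed_number)
            or _digits(w.dialed_number) != _digits(w.number_on_file)
            or w.number_recorded >= w.instruction_received):
        failed.append("callback-verification")
    if not w.policy_doc:
        failed.append("written-procedures")
    cutoff = w.wire_date - timedelta(days=365)
    if any(w.training.get(s, date.min) < cutoff for s in set(w.approvers)):
        failed.append("training")
    if not all(w.mailbox_mfa.values()):
        failed.append("mfa")
    return failed

# Constructed sample records (not real transactions).
GOOD = WireRecord(487_000, date(2026, 5, 4), date(2026, 5, 1), ["amy", "raj"],
                  "(555) 010-0199", "555-010-0199", date(2026, 3, 12),
                  "wire-policy-v3.pdf",
                  {"amy": date(2025, 11, 2), "raj": date(2026, 1, 15)},
                  {"closings@example.com": True})
BAD = WireRecord(487_000, date(2026, 5, 4), date(2026, 5, 1), ["amy", "amy"],
                 "555-010-0142", "555-010-0142", date(2026, 5, 1),
                 "wire-policy-v3.pdf", {"amy": date(2024, 12, 1)},
                 {"closings@example.com": True, "amy@example.com": False})

if __name__ == "__main__":
    for name, rec in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, unmet_conditions(rec) or "all conditions evidenced")
```

The second record fails the callback check even though the dialed number matches the file, because the file entry was created the same day the instruction arrived and so could have come from the email itself.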

The denial rate problem

According to industry data compiled by the Council of Insurance Agents & Brokers (CIAB) and individual carrier disclosures, BEC claim denial rates have climbed steadily:

  • 2020: ~12% denial rate
  • 2022: ~24% denial rate
  • 2024: ~33% denial rate
  • 2026 (YTD): ~37% denial rate

The denials cluster around four themes, in order of frequency:

  1. Social engineering exclusion applied — the carrier asserts the loss falls under the exclusion regardless of the named coverage
  2. Failure to meet a condition precedent — usually the callback verification or dual-control requirement
  3. Sub-limit confusion — the carrier pays the smaller sub-limit (often Social Engineering at $100K rather than Funds Transfer Fraud at $250K), and the insured disputes it
  4. Definition disputes — the carrier argues the loss isn't a "Fraudulent Instruction" as defined in the policy (e.g., the email came from outside your organization, not from an "Authorized Person")

The denial timeline is also brutal. Most carriers take 90-180 days to even acknowledge the claim, another 60-120 days to investigate, and another 30-90 days to either pay or deny. Total time from loss to denial is routinely 9-14 months. During that time, your firm is operating with the full cash loss on the balance sheet.

What to negotiate at your next renewal

You probably can't get a perfect cyber policy. The market in 2026 is hard. But you can ask for:

  1. Removal of the social engineering exclusion in favor of a named Social Engineering sub-coverage with at least $500K limit. Some carriers will do this; many won't.
  2. Increase the Social Engineering sub-limit to match the overall policy limit, even if it costs an additional premium. If the carrier won't budge above $250K, you know what the policy actually provides.
  3. Clarify the definition of "Authorized Person" to include both your employees and your customers in their authorized capacity (so a customer-side BEC isn't automatically excluded).
  4. Soften the conditions precedent to be commercially reasonable. Some standard conditions (like "callback verification at a number obtained from a verified source") are nearly impossible to comply with in practice without dedicated tooling.
  5. Add a definitions-priority clause stating that in the event of conflict between an insuring agreement and an exclusion, the insuring agreement controls. This protects against the "the exclusion swallows the coverage" problem.

Your broker should be able to push on all five. If they push back with "the carrier won't do that," ask them to shop the policy to a different carrier. The cyber insurance market is currently buyer-favorable for well-managed firms — there is more capacity than there is good risk to underwrite, and a firm that can demonstrate verification controls (e.g., QATCH or CertifID in place) is a more attractive risk to carriers in 2026.

What to do if the loss happens and the denial arrives

In our work with title companies, we've seen the playbook that gets claims paid even when the initial denial seems airtight. The compressed version:

  1. Don't accept the initial denial. Carriers know that ~40% of denied claimants will not push back. Push back.
  2. Demand the policy interpretation in writing. Ask the carrier to specifically identify the clause they're relying on, and to provide their reasoning. Many initial denials are templated and fall apart under scrutiny.
  3. Engage a coverage attorney early. The cost ($5K-$25K for a denial review) is often less than the recovery. Look for an attorney whose practice is specifically cyber/BEC coverage disputes, not general insurance litigation.
  4. File the bad-faith complaint with your state insurance commissioner. This is free, takes 30 minutes, and changes carrier behavior. Many carriers settle claims that have a bad-faith complaint pending rather than risk regulator scrutiny.
  5. Document everything. Every email with the carrier, every phone call summary, every internal note. Carriers have specialized claims-handling staff; you need a paper trail.

The honest reality: even with all of this, you may not recover more than the sub-limit. The handbook is about minimizing the gap, not eliminating it.

How QATCH closes the gap

QATCH.ai exists because the cyber insurance gap is permanent. Carriers will continue to pull back from BEC because the line is structurally unprofitable at primary-market premiums. Title companies, escrow agencies, and similar businesses need a different product.

The QATCH structure is fundamentally different from cyber insurance:

  • Outcome-priced. You pay a small per-transaction fee (5-8 basis points) on wires you choose to insure. If the wire turns out to be fraud, we pay you back within 30 days. The premium is a small fraction of one closing's cost; the payout limit is up to $2M per transaction.
  • Verification-gated. We only insure wires our AI + human verification stack has approved. The expected loss ratio on this book is under 2 bps because the verification catches the vast majority of attacks before release. We can write this profitably at premiums cyber carriers cannot.
  • No social engineering exclusion. The whole point of QATCH is to insure wires that an employee voluntarily released after our verification approved them. The exclusion that breaks cyber coverage is the exact category we exist to cover.
  • 30-day payout. Not 9-14 months. We process the claim, validate the loss, and wire the reimbursement within 30 days. Our reinsurance partner absorbs tail risk on catastrophic single events.
  • No subrogation drama. We handle recovery from the scammer ourselves. Your firm isn't pulled into civil litigation.

We are not a replacement for cyber insurance — there are other cyber risks (ransomware, data breach, regulatory penalties) that you should keep your cyber policy for. We are the BEC-specific layer that fits in the gap your cyber policy leaves open.

Closing thoughts

The most preventable financial loss in the title industry in 2026 is a BEC wire that your cyber insurance won't cover, sent to a scammer who used an AI voice clone of a person your buyer trusted, and discovered three days later when the legitimate seller asked where the money went. The defenses against this attack exist, but they require both better controls (callback to verified phone numbers, dual control, written procedures) and better insurance (outcome-priced, verification-gated, with no social engineering exclusion).

Your cyber policy is doing what it was priced to do. The line just doesn't cover the loss you think it covers. Read the policy. Negotiate the renewal. And add the layer that covers the BEC gap directly.

If you operate a title or escrow company and want to be part of the QATCH design partner program (60 days free, full insurance enabled, 30-minute onboarding), the application is on our front page. We respond personally within one business day.


Q&A

Q: Does cyber insurance cover business email compromise (BEC)?

A: Most policies in 2026 either exclude BEC entirely under a social-engineering exclusion or sub-limit it to $100K-$250K, regardless of the broader policy limit. Denial rates on BEC claims are now ~37%.

Q: What is the social engineering exclusion?

A: A clause that excludes losses caused when an authorized employee voluntarily transfers funds based on a fraudulent communication. Since BEC is fundamentally a social-engineering attack, this exclusion is the most common reason BEC claims are denied.

Q: What's the difference between "Funds Transfer Fraud" and "Social Engineering" sub-limits?

A: Carriers typically distinguish between "Computer Fraud" or "Funds Transfer Fraud" (where a hacker directly transfers funds without an employee's involvement) and "Social Engineering" (where an employee is tricked into voluntarily transferring funds). The latter typically has a lower sub-limit ($100K vs $250K is common), and most BEC attacks fall into the Social Engineering category.

Q: How can I tell what my policy actually covers?

A: Locate four clauses in the policy: (1) the Cyber Crime / Funds Transfer Fraud insuring agreement, (2) the Schedule of Limits showing sub-limits, (3) the Exclusions section (especially Social Engineering), (4) the Conditions Precedent. Your broker should walk you through these annually.

Q: How does QATCH's guarantee differ from cyber insurance?

A: QATCH covers BEC losses on transactions our verification stack approved, with no social-engineering exclusion, a 30-day payout, and per-transaction limits up to $2M. It complements cyber insurance (which still covers ransomware, data breach, etc.) by directly addressing the BEC gap.

Q: Should I cancel my cyber insurance and just use QATCH?

A: No. Keep your cyber insurance for the other cyber risks (ransomware, data breach, regulatory penalties, business interruption). QATCH covers the specific BEC + wire-fraud category that your cyber policy probably excludes or sub-limits.

This handbook will be updated annually as the cyber insurance market evolves. Last updated: May 21, 2026. Not legal advice — consult a coverage attorney for specific policy interpretation questions.
