Computer fraud cover

Category: Crime & fidelity · Reviewed by Simon Temme, Account Executive · Last reviewed 2026-06-05

Computer fraud cover is the section of commercial crime insurance responding to financial loss from fraudulent use of computer systems to transfer money or property of the insured, distinct from but overlapping with funds transfer fraud cover and social engineering fraud cover.

Category: Crime and fidelity
Also known as: computer fraud section, Insuring Clause G (in Lloyd’s BBB wording)
First codified: Lloyd’s wordings from c.1980s
Related legislation: Computer Misuse Act 1990 [1]; Fraud Act 2006 [2]; Insurance Act 2015 [3]

Definition

Computer fraud cover is one of the principal computer-enabled crime sections within modern commercial crime insurance and banker’s blanket bond policies. It responds to loss caused by fraudulent use of computer systems — typically the insured’s own computer systems — to cause an unauthorised transfer of money, securities or other property of the insured to a third party [4][5].

The classic computer fraud scenario involves an unauthorised actor (an external hacker or an internal employee acting beyond their authority) gaining access to the insured’s computer systems and manipulating them to cause an unauthorised payment or transfer. The cover responds for the resulting loss subject to the policy limits and the typical ‘discovery basis’ under which the loss must be discovered during the policy period (with retroactive provisions for losses arising from acts committed before but discovered during the policy period) [4][5].

The boundary between computer fraud cover and funds transfer fraud cover requires careful policy interpretation. Computer fraud typically involves manipulation of the insured’s own systems; funds transfer fraud typically involves a fraudulent instruction to a third-party financial institution (the insured’s bank) to transfer funds from the insured’s account. The two scenarios overlap in practice and policies typically include both sections to ensure comprehensive cover [4][5].

The boundary with social engineering fraud cover is also significant. Social engineering fraud typically involves the insured being induced by impersonation to authorise a transfer; computer fraud typically involves the unauthorised transfer occurring without the insured’s authorisation. Modern wordings increasingly address all three sub-classes within a unified ‘computer-enabled crime’ framework [4][5].

Legal / Regulatory basis

The substantive criminal law underlying computer fraud cover is set principally by the Computer Misuse Act 1990 (as substantially amended). The Act creates the offences of unauthorised access to computer material (section 1), unauthorised access with intent to commit further offences (section 2), unauthorised acts with intent to impair operation (section 3) and unauthorised acts causing or creating risk of serious damage (section 3ZA, introduced by the Serious Crime Act 2015) [1][6].

The Fraud Act 2006 provides the substantive fraud offences that underlie computer-enabled financial fraud. Section 2 (fraud by false representation) is particularly applicable to many computer fraud scenarios involving false representations made through computer systems [2].

The Insurance Act 2015 governs the duty of fair presentation and warranty rules for computer fraud insurance placements. Disclosure of IT security arrangements, internal control structures, prior security incidents and high-risk operations is critical to the fair presentation obligation [3].

The Data Protection Act 2018 (implementing UK GDPR) imposes obligations on data controllers and processors. Computer fraud events that result in personal data breaches trigger reporting obligations to the Information Commissioner’s Office within 72 hours and potential fines under the UK GDPR regime [7].

The Network and Information Systems Regulations 2018 impose security and incident reporting obligations on operators of essential services and relevant digital service providers [8].

How it works in practice

Computer fraud cover is typically written as a section of commercial crime insurance or banker’s blanket bond, with limits aligned with the broader policy structure. For most commercial operators, the computer fraud limit is aligned with the limits for employee dishonesty and other principal sections. For banks and other financial institutions, computer fraud is typically written within the BBB structure at limits proportionate to the institution’s exposure [4][5].

Underwriters assess computer fraud risk based on the insured’s IT security arrangements, internal control structures, the specific applications and systems at risk, prior security incidents and the cyclical state of the market. Premium reflects both the bespoke risk and the broader market dynamics; computer fraud cover has hardened significantly since c.2018, reflecting the growth of cyber-enabled financial fraud [4][5].

Claims handling for computer fraud events involves forensic IT investigation, forensic accounting, banking channel recovery efforts and (where applicable) notification to Action Fraud, the National Crime Agency and the ICO. The combination of technical and financial complexity makes computer fraud claims among the most demanding in modern crime insurance [4][5].

The boundary between computer fraud cover and dedicated cyber insurance products requires careful management. Cyber insurance typically focuses on data breach response, regulatory liability, business interruption and similar broader cyber exposures; computer fraud cover focuses on the financial loss from the fraud itself. Modern broking practice typically arranges both with coordinated wordings to avoid gaps and duplications [4][5].

Common variations

Standard computer fraud: cover for fraudulent use of computer systems to cause unauthorised transfers.

Fraudulent input cover: cover for losses arising from fraudulent data input into computer systems (distinct from unauthorised access).

Programmed mismanipulation cover: cover for losses arising from programmed manipulation of computer systems (e.g. malicious code, hardware tampering).

Computer extortion: cover for ransom payments following unauthorised access (overlapping with kidnap, ransom and extortion insurance and with cyber extortion).

Combined computer crime cover: integrated cover for computer fraud, funds transfer fraud, social engineering fraud and other computer-enabled crime within a single section.

Sub-limited computer fraud: where the cover is at a substantially lower sub-limit than the broader crime cover.

Financial institution computer fraud: enhanced cover for banks and similar institutions within the banker’s blanket bond structure.

Example

A UK retailer with substantial online operations places commercial crime insurance including computer fraud cover. The placement provides £8m for computer fraud as part of the broader crime policy. During the policy year, external attackers gain unauthorised access to the company’s payment systems and manipulate them to divert refund payments to fraudulent accounts. Over a 6-week period before the manipulation is detected, approximately £420,000 is diverted. The computer fraud cover responds for the loss less the policy deductible. Forensic investigation establishes the attack vector and remediation is implemented to prevent recurrence. Figures in this example are illustrative.

References

  1. Computer Misuse Act 1990 — https://www.legislation.gov.uk/ukpga/1990/18
  2. Fraud Act 2006 — https://www.legislation.gov.uk/ukpga/2006/35
  3. Insurance Act 2015 — https://www.legislation.gov.uk/ukpga/2015/4
  4. Lloyd’s Market Association — https://www.lmalloyds.com/
  5. International Underwriting Association of London — https://www.iua.co.uk/
  6. Crown Prosecution Service guidance on Computer Misuse Act — https://www.cps.gov.uk/legal-guidance/computer-misuse-act
  7. Information Commissioner’s Office — https://ico.org.uk/
  8. Network and Information Systems Regulations 2018 — https://www.legislation.gov.uk/uksi/2018/506

This entry is part of the Apex Insurance Wiki. Last reviewed by Matt Bartlett on 2026-06-05. Next review: 2026-12-05.

Apex Insurance Brokers Limited. Authorised and regulated by the Financial Conduct Authority, FRN 724952. Registered in England and Wales, Companies House 07014570. This entry provides general information about UK insurance concepts and is not regulated advice. Consult your insurance broker on your specific position.
