Many policyholders believe they are covered for theft, fraud, and forgery when their computers are hacked, and they are duped out of money. They read their policies’ terms regarding theft, fraud, and forgery and reasonably assume that if someone steals their money through deception, the insurance will respond. A recent unpublished South Carolina appellate decision involving a $250,000 wire transfer loss exposes just how wrong that assumption can be. 1
In this case, a law firm’s email system was compromised. A trusted employee received what appeared to be legitimate instructions from the firm’s principal to wire funds. The employee did exactly what she was supposed to do. The money was sent. Only later did everyone realize that a hacker had been orchestrating the entire exchange. The funds were gone.
The policyholder turned to its insurance carrier, pointing to multiple provisions that appeared to provide coverage—money and securities coverage, theft coverage, and forgery endorsements. From a common-sense perspective, this looked like a textbook covered loss. After all, if this is not theft or fraud, what is?
The insurer saw it very differently. The denial rested on the “false pretense” or “voluntary parting” exclusion. That clause eliminates coverage where the insured or its employee “voluntarily” transfers property, even if induced by fraud. In other words, if you are tricked into sending the money, the insurer claims it is not theft in the way the policy contemplates.
The policyholder argued that this interpretation made no sense. How can a transfer be “voluntary” if it was induced by deception? This argument and view is a common one in these types of cases. The appellate court, however, sided squarely with the insurer.
The court held that the policy was unambiguous. It reasoned that endorsements providing coverage for theft or money losses remained subject to exclusions, including the false pretense clause. It further concluded that the employee’s act of wiring the money was “voluntary” because she intended to make the transfer, even though she was deceived about the reason for the transfer. The fact that a hacker orchestrated the fraud did not change the characterization of the transfer.
The court also rejected the argument that the forgery endorsement applied. It narrowly construed that coverage to apply to traditional instruments like checks or promissory notes, not to emails or invoices demanding payment.
This decision is not an outlier. It reflects a national trend. Courts are drawing a bright line between computer hacking losses that trigger specific cyber or funds-transfer fraud coverage and social engineering schemes where an employee is duped into sending money. In the latter category, the trend is to find that the voluntary parting exclusion prevails.
Most traditional property policies were written for a different era. They were designed to address physical theft, employee dishonesty, and paper-based fraud. They were not developed in an era to handle phishing emails, spoofed domains, or sophisticated cyber deception. Yet many businesses continue to rely on these legacy forms, believing that broad terms like “theft” or “fraud” will cover modern risks. They often do not.
The lesson is that coverage for these types of losses must be purchased explicitly. Modern cyber policies and specialized social engineering endorsements are designed to fill this gap. They address precisely the scenario that defeated the policyholder in this case: an authorized employee, acting in good faith, is manipulated into transferring funds to a criminal. Without that specific cyber and social engineering coverage, policyholders are left arguing against exclusions that courts routinely enforce.
Insurance is supposed to provide protection against unforeseen risks. Few risks are more foreseeable today than cyber fraud. When policies promise protection against theft and fraud but fail in the most common real-world scenario, it raises legitimate questions about whether the industry is keeping pace with the risks it purports to cover. The industry should make these types of coverage in the primary coverage forms unless the policyholder opts out.
For policyholders, however, the lesson is practical, not philosophical. Do not assume that yesterday’s policy language will protect against today’s cybercrimes. Policyholders and their agents must ask direct questions about cyber losses and social engineering fraud. Make sure the policy purchased covers these perils. Computer scams and hacking are now a major risk.
For those interested in learning more about cyber and social engineering losses, I suggest reading The Cyber Insurance Bait and Switch Nobody Wants to Admit.
Thought For The Day
“South Carolina is too small for a republic and too large for an insane asylum.”
— James L. Petigru
1 Speights v. Chubb Limited, No. 2023-001845, 2026 WL 1165625 (S.C. App. Apr. 29, 2026). See also, Policyholder Brief and Insurer Brief.