Insurance

Fidelity insurance: Why your biggest risk doesn't come from hackers

Nora Emig
published on
10.07.2026
-
min. estimated reading time
Share on
Table of Contents

Companies lose significant sums every year to fraud, embezzlement, and deliberate manipulation. While firewalls, backups, and access controls defend against cyberattacks, they fail exactly where the human element, rather than technology, becomes the gateway. This is where fidelity insurance comes in.

The invisible threat: How real is corporate crime, really?

When companies think about digital risks, their first thought is usually ransomware or encrypted servers. A second, often underestimated threat scenario remains in the blind spot: the abuse of trust.

Cases of corporate crime are split evenly between internal and external perpetrators. However, the financial impact tells a very different story: the more trust and decision-making power an individual has within a company, the greater the potential damage. According to the 2026 ACFE report, owners and executives caused more than nine times the damage of regular employees—clear evidence that trust in long-standing, high-ranking staff can become the greatest financial risk of all.

Added to this is an underestimated time factor: perpetrators rarely act just once. Instead, they inconspicuously integrate their actions into existing business processes. On average, it takes 12 months for a case of fraud to be noticed within a company—often it is only discovered during the annual audit. By that time, the stolen assets have usually already been moved through complex offshore accounts.

Insights from the ACFE report

A study shows just how significant this risk really is: The Association of Certified Fraud Examiners (ACFE) analyzed "Occupational Fraud 2026: A Report to the Nations" 2,402 real-world cases of corporate crime from 143 countries for its report. The key findings:

  • Revenue loss: Companies lose an average of 5% of their annual revenue to fraud and internal crime.
  • Extent of damage: The median loss per fraud case is 104,000 USDHowever, the average value jumps to $1,457,000 – because in 20% of all cases studied the loss exceeded the one-million-dollar mark.
  • Collusion as an accelerator: When a single perpetrator acts alone, the median loss is $55,000. If three or more perpetrators team up, it rises to $324,000 – almost six times as much. Multiple perpetrators are more effective at deliberately bypassing internal control systems.
  • Risk hotspots: More than half of all offenses are concentrated in five core areas: operations (13%), accounting (13%), sales (10%), customer service (10%), and executive management (9%).
  • Recovery rate: Once the money is gone, the loss usually remains on the books permanently. 56% of affected companies were unable to recover any assets, and only 15% achieved full recovery.

These figures make it clear: white-collar crime is not a peripheral risk, but a structural problem that can affect any company – regardless of size or industry.

Two faces of fraud: real-world examples

The following two examples illustrate typical fraud cases that can affect companies.

1. The internal threat: The 45-euro receipt

A long-standing, valued employee regularly submits inconspicuous small-amount expense claims between €40 and €50 for alleged business meals or taxi rides. In the daily rush of accounting, these receipts often go unchecked. With the use of artificial intelligence, it is easier than ever for perpetrators to create deceptively realistic receipts and documents – in fact, according to the ACFE report, the falsification of physical or electronic documents is by far the most common method at 67%. If this practice remains undetected for years, the losses add up to a significant liquidity risk.

2. The external threat: The familiar invoice

The company has a long-standing relationship with an established supplier. A regular email arrives with the genuine monthly invoice – but the body text contains a brief note: "Please note our new bank details due to a bank merger." Since no technical hack of the IT system takes place, a firewall is of no help here. The payment order is processed by the accounting department quite legally and voluntarily – the money flows directly into a fraudulent account.

Both examples show: The point of attack is not the technology, but the trust between people.

What Is a fidelity insurance?

Fidelity insuranceoften referred to as commercial crime insurance, protects acompany's capital from the financial consequences of intentional criminal acts. While traditional property or liability policies usually do not cover these offenses , fidelity insurance acts as an essential financial safety net against financial losses resulting from an abuse of trust. The unique advantage of this coverage is its dual protective effect: it covers criminal acts committed by insiders—such as embezzlement, theft, or fraud by employees —as well as targeted deception by external criminals. This includes modern fraudulent schemes such as payment diversion through fake invoices, identity theft, or sophisticated social engineering (e.g., Fake President fraud). In these scenarios, the internal IT infrastructure remains completely intact, while human vulnerabilities and routine daily processes are purposefully bypassed using psychological manipulation or AI-generated forgeries.

Cyber insurance vs. fidelity insurance: Where is the line drawn?

For comprehensive protection, companies must clearly understand the boundary between technical security and protection against criminal enrichment.

Leistungsmerkmal Cyberversicherung Vertrauensschadenversicherung
Fokus Technik-Fokus: Schutz der digitalen Infrastruktur Mensch-Fokus: Schutz des Vermögens vor vorsätzlichen Taten
Auslöser Bruch oder Blockade der digitalen Barriere (z. B. Ransomware, DDoS) Umgehung intakter Technik durch menschliche Manipulation oder Innentäter
Typische Schäden IT-Forensik, Datenwiederherstellung, Betriebsunterbrechung Unmittelbarer Verlust von Geld, Waren, Werkzeugen oder sonstigen Assets

Cyber insurance generally applies when the digital barrier is breached. Fidelity insurance applies precisely where the technology remains intact, but a person is deceived. Both components complement each other perfectly – but they do not replace one another.

Fidelity insurance from Baobab: Your financial safety net

The fidelity insurance Crime from Baobab protects companies against financial losses when money is siphoned off through criminal acts. Without complicated clauses, it covers losses caused by bypassing intact technology through human manipulation. Coverage includes both insider crimes such as embezzlement, theft, or fraud by your own employees, as well as external threats. This includes classic social engineering, where criminal third parties use psychological tricks such as Fake President Fraud , as well as sophisticated payment redirection (Payment Diversion) through identity theft or manipulated invoices.

Crucially, modern manipulations involving artificial intelligence—such as forged documents or manipulated identities—are also fully covered. With an insurance sum of up to €10 million and in collaboration with the established capacity provider Liberty Specialty Markets , Baobab provides comprehensive protection for companies.

Only two requirements for effective protection

Insurance coverage and preventive processes go hand in hand. Baobab therefore reduces risk analysis to two core questions that should be established as a minimum standard in every business:

  1. The four-eyes principle: All financial transactions or asset disposals of €5,000 or more must be approved by two authorized individuals.
  2. Data verification in payment transactions: For notifications regarding changed bank details or unusual payment instructions, a defined control process must be triggered, such as verifying the request via a phone call to the business partner.

The ACFE report proves that these measures pay off: data verification in payment transactions is proven to reduce fraud losses by 55%, surprise audits by 50% – and both measures lead to significantly faster detection of irregularities.

Conclusion: Corporate crime is not a niche risk, but a statistically proven, growing threat to companies of all sizes. Anyone who truly wants to secure their business needs not only technical cybersecurity but also protection against the abuse of trust—and that is exactly where Baobab’s fidelity insurance comes in.

The blog post was written by