Mississippi Federal Court Finds Social Engineering Endorsement Required Pre-Existing Business Relationship

Social‑engineering endorsements have become a staple of cyber‑risk programs, offering protection when fraudsters trick employees into moving money. Most policies phrase coverage around an imposter “purporting to be” a natural person or entity with which the insured already exchanges goods or services. This language, while intended to limit exposure, can unintentionally carve out a sizable blind spot for organizations that frequently engage new clients or vendors, as the endorsement may not trigger when the fraudulent party creates a wholly fictitious relationship.

The Mississippi decision underscores how courts can enforce that narrow reading, leaving a law firm without recourse after a $158,425 wire loss. For businesses, the ruling signals that reliance on standard endorsements may be insufficient if their operational model involves constant onboarding of unfamiliar counterparties. Legal and risk teams must now dissect policy wordings, comparing “existing client” clauses against real‑world transaction flows, and consider whether broader endorsements—those that cover any fraudulent instruction regardless of prior relationship—are available in the market.

Practically, firms should augment insurance with robust verification controls: multi‑factor authentication, independent payee confirmation, and documented callback procedures using contact information sourced outside the request channel. Simultaneously, they should negotiate endorsements that remove or broaden the “purporting to be from” limitation, ensuring coverage aligns with the full spectrum of social‑engineering threats. As insurers respond to heightened scrutiny, the market is likely to see a diversification of endorsement options, giving risk managers the leverage to secure more comprehensive protection against both impersonation and fabricated‑relationship scams.