By Elyce Schweitzer, Regulatory Compliance Officer, Alliant National
Cyber insurance can be an important protection for title agencies, but it is not a guarantee that every fraud-related loss will be covered. A recent federal case, Spinnaker Insurance Company v. Heart of Gold Title, LLC, 2026 WL 710135 (S.D. Ohio Mar. 13, 2026), offers a useful reminder of how quickly coverage issues can arise when a title agency experiences a wire fraud incident and waits too long to notify its cyber insurer.
The case involved a buyer who was defrauded out of more than $480,000 after receiving spoofed wiring instructions that appeared to come from the title agency. The buyer later sued the agency for negligence. Although the agency carried cyber insurance, the cyber insurer denied coverage. The court agreed with the insurer, finding that the claim was not reported within the required timeframes and that the agency had prior knowledge of the incident.
The agency was aware of the incident when it occurred, or shortly after, but waited until it was sued by the buyer before notifying its cyber insurer. By that time, the cyber-policy period in place when the incident occurred had ended, and a new cyber-policy period had begun. Even though the same insurer issued the follow-on policy, the court found that the agency had not satisfied the policy’s reporting requirements.
The result reinforces that strict compliance with policy conditions — especially prompt notice and timing requirements — is essential for coverage to apply.
Cyber insurance does not automatically cover fraud losses
Many title agencies may assume, “We have cyber insurance, so we’re protected.” That assumption can be dangerous.
Cyber coverage depends on the specific terms of the policy. In this case, the agency’s coverage turned on policy wording, timing and reporting requirements. The loss involved a fraud scheme tied to spoofed wiring instructions, but that fact alone did not determine the outcome. The court focused on whether the agency complied with the policy’s conditions.
The bottom line is straightforward: cyber insurance is not a general safety net. It is a contract with strict rules that agencies need to understand and follow.
Timing can determine whether coverage exists
Most cyber policies issued to title agencies are “claims-made and reported” policies. This typically means that the claim must be made during the policy period and reported during that same period, or within another timeframe set by the policy.
In this case, the fraud occurred in March 2024. The lawsuit against the title agency was not filed until October 2024, and the agency reported the claim at that time. By then, the policy period in place when the incident occurred had already expired.
The agency also had a subsequent policy with the same cyber insurer. But that did not solve the problem. The result was that there was no coverage under the earlier policy, and the later policy did not pick up the incident simply because it was issued by the same insurer and began immediately after the prior policy ended.
For agencies, this is one of the most important lessons from the case. The claim should have been reported during the same policy period in which the incident occurred, and within the timeframe required by the policy. A policy renewal does not reset the clock on an incident the agency already knows about. Each policy period stands on its own.
Report potential incidents early
The agency’s delay in reporting was central to the coverage dispute. The title agency discovered the fraud in March 2024 and investigated internally, but waited until November 2024 to notify its cyber insurer. The policy required notice within 30 days of discovering a potential issue.
That word — potential — matters. The reporting obligation was not dependent on a lawsuit being filed. It was also not dependent on months of attempts to resolve the issue or recover the funds. The obligation was triggered when the agency became aware that something had gone wrong, or that something may have gone wrong.
The lesson is that agencies should not wait for perfect information before giving notice. When something seems wrong, the clock may already be running.
“We were not hacked” may not be enough
Another important point from the case is that cyber risk is not limited to a direct breach of an agency’s computer systems.
The title agency argued that its systems had not been compromised, and its IT vendor confirmed there had been no intrusion. But that did not change the outcome. The claim centered on email spoofing, fraud carried out through impersonation and the agency’s alleged failure to prevent the scam.
That distinction matters. Fraudsters can infiltrate real estate transactions without directly hacking an agency’s systems. They may use email spoofing, social engineering, fake wiring instructions or other methods designed to exploit trust and urgency. These schemes can be difficult to avoid even when best practices are followed.
Even where an agency’s systems are secure, it may still face liability for email fraud, wire fraud schemes and social engineering attacks. Cyber risk extends beyond traditional hacking.
Prior knowledge can defeat coverage
The court also addressed the agency’s attempt to rely on the later policy period. That effort failed because the agency already knew about the incident before the new policy began.
Most policies exclude known incidents that existed before coverage started. That is why an agency generally cannot wait until renewal and expect a new policy to cover an old problem. If the agency has prior knowledge of a loss, claim, circumstance or potential issue, that knowledge can become a coverage barrier.
The lesson is clear: an agency cannot rely on renewing its policy to cover past problems. Report potential claims in the policy period in which the issue arises, and do so within the timeframe required by the policy.
Know who owes coverage
The title agency sued both the cyber insurer and the insurance producer. The court ruled that only the insurer had contractual obligations under the policy. The producer did not have a duty to provide coverage.
That means agencies should understand who issues the policy, who handles claims and who actually owes coverage. The producer may help place coverage and answer questions, but the insurer issues the policy and bears the contractual coverage obligations. When a claim occurs, agencies need to know exactly where notice must be sent, who must receive it and what the policy requires.
Because the producer did not owe coverage, suing the producer did not advance the agency’s coverage position and, from a practical standpoint, was a waste of time, money and effort.
Bad faith claims are difficult when policy terms are clear
The agency also argued that the insurer acted in bad faith. The court disagreed because the denial was based on clear policy terms and the timeline supported the insurer’s position.
If an agency misses a policy deadline or fails to satisfy a reporting condition, a bad faith argument is not likely to change the outcome. The better course is to understand the policy requirements and follow them from the beginning.
What title agencies should do now
The case offers several practical steps for title agencies. First, create a 24-to-48-hour reporting rule. The first 24 to 48 hours after a suspected incident are often the most important for taking action to optimize the chances of a successful recovery. If your agency sees a suspicious email, wire fraud attempt, client complaint or possible misdirected funds, notify your cyber insurer immediately. Do not wait for confirmation or legal action.
Agencies should also contact Alliant National’s Fraud Hotline at FraudHotline@alliantnational.com without delay. Early notice alerts and enables the Alliant National team to provide assistance when time is critical and when agencies most need advice and direction on next steps.
Second, train staff to recognize fraud red flags. Most losses involve familiar patterns: email spoofing, fake wiring instructions and social engineering. Staff should always verify wiring instructions verbally by calling a known and confirmed phone number. Email changes should be treated as suspicious. The mindset should be simple: VERIFY, THEN TRUST: Every file, every party, every time.
Third, review your cyber policy in plain English. Ask your broker what counts as a claim, when reporting must occur, whether social engineering losses are covered and what exclusions apply. Agencies should understand both their coverage and their obligations before a problem occurs.
If the policy language is unclear, ask questions now. Be proactive with your cyber insurer’s insurance producer and the cyber insurer about what is covered under the policy you are purchasing and what actions may affect coverage. Even if there is no cyber-insurance coverage for a particular incident, the title agency may still be found responsible and held financially liable for the loss.
Fourth, document everything immediately. When an incident occurs, record dates, timelines, emails, communications, internal actions and any steps taken to investigate or respond. Documentation can directly affect coverage eligibility.
Finally, do not assume that renewal fixes a problem. A new policy does not reset obligations under a prior policy and generally does not cover known incidents that happened during a preceding period. Each policy and coverage period stands on its own. Agencies should also ask their cyber insurer’s insurance producer about extended reporting period options, sometimes called “tail” coverage, and retroactive date coverage for prior incident protection when renewing policies.
The bottom line
The biggest lesson from this case is simple: cyber insurance only works when agencies follow the policy requirements exactly. Agencies do not always lose coverage because they lack insurance. They may lose it because they report too late, misunderstand what triggers coverage or assume that a lawsuit matters more than early warning signs.
If you take just one action after reading this, build plans for immediate reporting and documentation. That single change can determine whether your policy protects you or leaves you exposed to a six-figure loss.
Additionally, Alliant National offers a complimentary cyber insurance gap review for our agents. It is designed to assist title insurance agents in reviewing their cyber insurance coverage to identify gaps, limitations, subjectivities, and potential risks that may not be fully covered.
For more information on the service or to request this gap review, please contact Tom Weyant: tweyant@alliantnational.com
