The figures Lloyds Bank published this weekend are arresting enough on their own. Two-thirds of all purchase fraud reports from the bank's retail customers in the year to March 2026 originated on Meta platforms - Facebook, Instagram and WhatsApp. Annual consumer losses through Meta-linked scams have more than doubled in two years, from £27 million in 2023 to approximately £66 million today, according to Liz Ziegler, Lloyds' fraud prevention director. The average claim now exceeds £500.
But the more consequential story for the insurance market is not the Lloyds data. It is what happened in a Delaware courtroom three months ago.
On 23 March 2026, Superior Court Judge Sheldon K. Rennie ruled that Meta's commercial general liability insurers had no duty to defend the platform in the thousands of lawsuits alleging that Facebook and Instagram were designed to addict and harm children. The claims, the judge found, described deliberate and intentional acts rather than accidents or occurrences capable of triggering coverage. Two days later, a Los Angeles jury found Meta liable in KGM v Meta, awarding $6 million in damages - including $3 million in punitive damages - in the first US trial to pierce Section 230 protections on platform addiction claims.
The Delaware ruling and the Los Angeles verdict are not directly about fraud. They concern platform design and youth harm. But together they are reshaping the legal and insurance landscape around Meta's liability in ways that will matter intensely to the UK market - and to the question of who ultimately bears the cost of the £66 million a year that British consumers are losing on the company's platforms.
The data published by Lloyds covers the period March 2025 to March 2026 and is drawn from reports made by more than 25 million retail customers. Concert and festival ticket fraud is the single most prevalent category, with under-25s, including those under 18, most acutely exposed. Fake Taylor Swift and Peter Kay concert tickets, Liverpool FC match listings and Alton Towers admissions featured among reported scams. Fraudulent transactions for flat deposits, household furniture, gym equipment, mobile phones and an eclectic range of goods - Moncler jackets, Dyson appliances, Amazon Alexas, football shirts, wigs and vapes - were also widely documented, with Facebook Marketplace featuring prominently throughout.
Those in their late twenties and early thirties - the age cohort at peak financial activity, including mortgage saving and household formation - face the greatest overall risk from Meta-originating fraud, according to Lloyds' analysis. Driving lesson and test scams have risen sharply, exploiting long waiting times and the pressure on young people to pass tests.
Ziegler's Sunday Times commentary puts the commercial dynamic plainly. "Meta profits from this," she wrote, "as fraudsters pay to advertise on its platforms, and by drawing people onto their Marketplace, where criminals lurk. When a scam starts with a paid-for ad, Meta has made money before the victim realises they have been conned."
Meta disputes that framing. Its spokesperson said the company removed more than 159 million scam ads last year, 92% before anyone reported them, and that it requires UK advertisers of financial products to demonstrate FCA authorisation. The company describes scammers as "determined criminals" who use sophisticated tactics to evade detection. What internal documents tell a different story: reporting by Reuters in November 2025 cited Meta's own assessments finding that approximately 10% of its 2024 revenue - around $16 billion - was generated from scam advertisements or ads violating its own policies. The documents also described "revenue guardrails" limiting how much scam-related income the company was willing to forgo.
For UK insurers, the Delaware decision is the more structurally significant development. Hartford Casualty Insurance and its co-insurers argued that Meta's commercial general liability policies should not respond to the social media addiction claims because the alleged harms - platform features engineered to maximise compulsive engagement - were deliberate design choices, not accidents. Judge Rennie agreed.
The ruling has direct relevance for any insurer considering how their policies respond to Meta-related claims in the UK context, including the group fraud action being assembled by Richardson Hartley Law and Humphries Kerstetter. That claim - now attracting more than 260 victims - proceeds on a contractual rather than tortious basis, arguing that Meta has breached its terms of service with users. But the underlying logic, that the platform's commercial design facilitates and profits from harm, runs parallel to the addiction claims that insurers have just successfully argued do not constitute insurable occurrences.
Rosehana Amin, partner at Clyde & Co, highlighted at the firm's March 2026 emerging risk webinar that coverage disputes in the US have centred on whether social media platform harms engage cover under traditional casualty policies - and that the answer, increasingly, is no. The firm's December 2025 risk predictions identified social media liability as one of the defining emerging risks for insurers in 2026, with implications across casualty, cyber, tech errors and omissions, and product liability towers.
Katelin O'Rourke Gorman, Clyde & Co partner in New York, said in those predictions: "The rise in social media addiction lawsuits in the US is creating significant liability risks for insurers and could trigger a global ripple effect. For insurers, this trend highlights the need to reassess product liability exposure and adopt proactive measures - from revising policy wording to tightening risk selection."
That assessment was made before the KGM verdict, the Delaware ruling, and the latest Lloyds fraud data landed in the same quarter.
Meta is also fighting the UK's Online Safety Act on a second legal front. In May 2026, the company filed a judicial review against Ofcom in the High Court, challenging the regulator's methodology for calculating fees and penalties under the Act. Ofcom bases its charges on a company's qualifying worldwide revenue - for Meta, roughly $201 billion last year - meaning penalties of up to 10% of that figure could, in theory, generate fines exceeding $20 billion. Meta argues that penalties should reflect only UK-generated revenue, describing Ofcom's approach as "disproportionate and unlawful." A hearing has been scheduled for October.
Ofcom said its methodology reflects "a plain reading of the law" and pledged to "robustly defend" its position. The regulator is not without leverage: the Online Safety Act explicitly mandates that platforms detect and remove fraud, and Ofcom's enforcement toolkit includes service restriction orders requiring payment processors and app stores to withdraw services from non-compliant platforms. But the Act's specific fraud advertising duties were delayed to mid-2026, and the regulator has proceeded cautiously in its early enforcement actions. The FCA's own Director of Consumer Investments, Lucy Castledine, was candid at a London summit in September 2025 about the limits of the regulatory position: "We have no power over these tech companies."
The judicial review, if successful, would substantially reduce Meta's financial exposure under the Act and weaken a key lever that consumer advocates and the banking sector have been hoping to use to push the company towards bearing a share of the losses its platforms generate. It is a development that the insurance industry should track as closely as regulators and fraud campaigners.
Since 7 October 2024, the Payment Systems Regulator's mandatory Authorised Push Payment fraud reimbursement scheme has required banks and payment providers to compensate APP fraud victims up to £85,000 per claim, split equally between sending and receiving institutions. In the nine months to June 2025, approximately 88% of stolen funds - roughly £112 million - was returned to victims, according to analysis by Edgar, Dunn & Company.
That is a significant and growing charge on bank balance sheets. Lloyds, as the UK's largest mortgage lender and one of its largest retail banks, is absorbing a material proportion of those costs. None of it is currently recoverable from Meta, despite the fact that 68% of the fraud those costs are reimbursing originated on Meta's platforms.
The asymmetry is arithmetically striking. Banks are mandated to reimburse losses that began on someone else's infrastructure, with no recourse to that infrastructure provider. The group legal action against Meta is, in part, an attempt to disrupt that asymmetry through civil litigation. Whether a subrogation route - allowing banks or insurers who have paid out to pursue recovery from Meta - is viable under English law remains legally untested. It would require establishing that Meta owed a duty of care, breached it, and that the breach caused the relevant loss. The Online Safety Act's explicit fraud duties may, over time, strengthen that argument - particularly if Ofcom's enforcement actions establish precedent for what Meta's obligations required and where the company fell short.
As Insurance Business UK has reported, the Association of British Insurers recorded more than £1.16 billion in detected fraudulent claims across 98,400 cases in 2024, with fraud estimated to add approximately £50 per year to the average policyholder's premium. The social media pipeline into broader financial crime feeds that figure.
On the individual consumer side, the coverage picture is bleak. Most standard household policies offer no meaningful protection against purchase fraud or social engineering loss. Base cyber policies typically exclude funds transfer fraud caused by social engineering - precisely the mechanism through which Meta-originated purchase scams operate - unless a specific endorsement is purchased, usually at additional premium. Even where that endorsement exists, sub-limits of £100,000 to £250,000 are common. Business email compromise is now the most frequent mid-market cyber claim in the UK, yet the ghost broking crisis illustrates how social media fraud migrates across product lines in ways that standard wordings were not designed to address.
High-net-worth personal lines cyber cover remains a substantially underdeveloped segment, with most standard HNW household policies offering limited or no meaningful protection against social engineering losses - despite the UK cyber market being valued at approximately $1.56 billion in 2025 and growing at 13% annually.
For underwriters reviewing social engineering endorsements and crime policy wordings, the Lloyds data provides a clearer picture of where consumer fraud is originating and in what categories. For brokers placing cyber and crime cover, the gap between what clients assume they are protected against and what their policies actually cover has rarely been more material.
The convergence of events in the first half of 2026 represents a meaningful acceleration in Meta's legal and regulatory exposure - and, by extension, in the questions that exposure raises for the insurance market.
A US jury has found the company liable for platform design harm for the first time. Its own insurers have successfully argued their policies do not cover those claims. It is fighting the UK regulator in the High Court over the size of potential penalties. A group fraud claim is assembling in England. Reuters has reported internal documents suggesting the company knows the scale of its platform's role in fraud and has managed it as a revenue question rather than a compliance one.
The direction of travel is clear even if the destination is not yet. The insurance industry's task is to understand, ahead of the next wave of litigation, precisely where its exposure sits - in the policies it writes for platforms, for businesses victimised by platform-originated fraud, and for the consumers who, for now, have almost nowhere to turn when the scam advert pays off for everyone except them.
