Cyber Risk Transfer

Dive deeper into the specifics of cyber insurance and how it differs from other insurance products. Cyber risk is not well covered by traditional policies like professional, general liability, and crime.

Cyber Liability Versus Professional Liability

We surveyed dozens of attorneys who are under the impression that they don’t need cyber insurance because their professional liability policy covers them for a breach of confidentiality, as confidentiality is a duty and a part of providing their professional services. While this is correct, does cyber insurance only cover breach of confidentiality?

Professional Liability Coverage does not pay for a team of forensic experts to evaluate the breach:
  1. How did the hacker get in?
  2. Are they still in your systems?
  3. Can you extract them?
  4. Can you ensure they are out of your network through tests?
  5. Did they take any other data?
  6. Do you have a legal responsibility to notify victims? How will you pay for this?

This all comes with additional costs that the Professional Liability Coverage fails to properly address.

Recent attacks against law firms include the threat to post their clients’ confidential data publicly on the internet unless a ransom is paid. Professional Liability insurance would cover the lawsuit from the damaged client for breach of privacy. Professional Liability would not pay the ransom or other expenses related to the cyber event.

Now that the lawyer has had their client’s data strewn all over the internet, will the Professional Liability Policy provide coverage for damage to reputation and reputational loss?

There are a whole host of other cyber perils that the lawyer is ignoring: funds transfer fraud, bricking, and crypto-jacking are a few. Do those risks sound familiar? Of course! Covered by Professional Liability? No!

Cyber Insurance Versus Crime, Business Owners Policy, and General Liability

Every company needs Cyber Insurance.

The limitations of traditional Crime, Business Owners Policies, and General Liability have been tried and tested in courts, and digital risks are seldom covered. The aforementioned traditional policies are named-perils policies and almost always address physical damage to a tangible asset, or bodily injury. While a computer and its components represent physical property, the manipulation of code or information stored on a hard drive is not physical property and is best protected with a cyber policy.

There are some very gray areas in Crime and Media coverage, but for the most part brokers should think not about what is covered by the aforementioned policies, but rather about what is not covered:

  1. Active network surveillance - keep hackers out in the first place;
  2. Breach response and legal team to understand requirements under privacy laws;
  3. Forensics to understand how hackers got in, whether they are still in, and whether the threat has been eradicated; and,
  4. Coverage to replace hardware permanently damaged by hackers.

Preparing to complete a cyber application

Getting a quote for cyber insurance is not an easy process and quotes are not guaranteed. Unprepared applicants may be declined or will be offered substantially weaker coverage and much higher premiums.

The application process can be extremely helpful as discussed above. Brokers should prepare their clients in advance of sending applications to market. The following are some steps and practices to prepare for the cyber insurance application.

  • Start encrypting data: In most jurisdictions, if stolen data had been encrypted - like the laptop of a doctor with sensitive patient information - then notifying those who may be affected by the theft is not required. The data is assumed to be useless to the hacker. Now extend this same benefit to millions of credit card numbers for a corner store or restaurant and the potential for reduced loss is massive.
  • Start MFA as a practice: Multi-Factor Authentication is a process where the user logging into a network remotely first enters their password, but is then asked to verify themselves by means of entering a code sent to their cell phone.
  • Start verification of funds transferred by electronic means - wires or ACH.
  • Endpoint detection and response (EDR), also known as endpoint threat detection and response (ETDR), is the constant surveillance of devices that access a network. It is a growing topic and one that clients should be prepared to discuss, especially for mid-sized company applicants.

More on Cyber Liability

Cyber Risk Mitigation
Reduce the likelihood of a breach by implementing the right procedures and controls. Underwriters favor companies that demonstrate not only strong security controls but also a culture of risk aversion.
Cyber Risk Quantification
Understand the financial impact of various types of cyber incidents. Make informed decisions by understanding the potential cost of a cyber event coupled with the probability of such an event.
Cyber Risk Awareness
We help companies of various sizes, industries, and levels of technology sophistication understand exposures to cyber events. It is important for organizations to inventory and catalog cyber risk.