Protect Yourself and Your Clients When Selling Cyber Insurance

E&O claims related to the sale of cyber insurance are on the rise. They typically involve not mirroring coverage when changing carriers and/or an agent who does not understand the coverage sufficiently to correctly place it or provide accurate advice.

Small-to-medium-size businesses often have the misperception that cyber incidents only happen to larger businesses – yet cyber insurance is needed by almost any business because most businesses rely on technology to operate. At minimum, small-to-medium-size businesses have access to the internet and use an internal email system. However, they often have less stringent security than larger businesses, are easy targets, and can be targeted as an access point to their suppliers. Many policies include pre-loss mitigation services, such as risk management training, that can offset security costs for smaller businesses.

While it’s a great opportunity to cross sell, it’s a unique coverage that poses challenges to agents. Policies vary significantly from carrier to carrier, include multiple insuring agreements, and have claims-made and occurrence triggers – plus, the coverage is rapidly evolving. Additional coverage may be needed to sufficiently cover a client’s cyber exposures.

How can you protect your clients and mitigate your exposure to E&O claims? These risk management tips can help.

1. Be well-educated. Require staff that handles this line to stay on top of cyber insurance news, take training seminars, and keep abreast of any changes among the carriers they place coverage through.

2. Limit the number of carriers used for placement. This will help you be well informed of their offerings.

3. Carefully review your client’s current coverage and quotes received from your carriers when changing coverage. This can ensure you are mirroring coverages as closely as possible, which can be challenging given the variations in language and coverage among carriers.

4. Help your client ensure they have sufficient coverage for social engineering, ransomware attacks, computer fraud, and funds transfer fraud. These coverages respond to some of the most common cyber incidents and are often at the heart of many E&O claims.

5. Point out sub-limits and time-sensitive reporting requirements.

6. Determine if the policy will indemnify or merely reimburse the client. Reimbursement policies may offer less in the way of support, which is something clients should consider.

7. Determine the client’s exposures to ensure they are not left with a gap in coverage. Coverage for some cyber exposures may be included in other policies including, but not limited to, EPLI, CGL, and Commercial Crime. When multiple policies are in place that can respond to cyber incidents, determine the most advantageous one to respond on a primary basis and endorse the “other insurance” clauses, if necessary.

DON’T LET THIS HAPPEN TO YOU

A customer asked the agent to obtain a Commercial Crime Policy, expressing specific concerns about a business acquaintance who had sustained a loss after a wire transfer was sent to a criminal imposter. The customer indicated he wanted $1 million in coverage for his business for such incidents. To obtain coverage, the agent worked with a broker who provided a crime quote and noted that sub-limits were included for social engineering and telecom fraud. A specimen policy was included.

The agent was unfamiliar with the specifics of the coverage and did not recognize that the social engineering sub-limit of $100,000 would not provide the level of coverage the customer requested. The agent provided the quote to the customer, noting the requested $1 million coverage was being provided. The customer subsequently suffered a substantial social engineering loss. The agent’s E&O coverage paid nearly $500,000 to cover the claim.

LESSON: Be familiar with terms used for cyber exposures. Carefully review any sub-limits that may impact coverage.

5-R-1438 Ed. 02-2023

This information is provided solely as an insurance risk management tool. Utica Mutual Insurance Company and the other member insurance companies of the Utica National Insurance Group (“Utica National”) are not providing legal advice or any other professional services. Utica National shall have no liability to any person or entity with respect to any loss or damages alleged to have been caused, directly or indirectly, by the use of the information provided. You are encouraged to consult an attorney or other professional for advice on these issues.