All insurance agencies and brokers should carry Cyber Risk Insurance to protect themselves from data breach exposure and to demonstrate good risk management for clients, yet some insurance agencies do not purchase the coverage. Insurance agencies have client data and premium funds, and need to take risk management and insurance protection steps to mitigate the exposure.
A recent PropertyCasualty360 article (see here) and our prior post noted that small businesses are increasingly targeted by hackers. And insurance agents are repositories of all types of personal and confidential information, including both financial and healthcare information. Financial and healthcare information are key targets for cyber hackers.
- Education – agency staff should be trained to recognize the exposures, such as phishing attacks, proper password usage, and portable media loss
- IT Security – agencies should utilize a strong IT defense system, including up to date antivirus software and firewalls
- Breach Response – a data breach response plan should be in place
- Physical Security – strong physical security should not be overlooked, including locking access to servers
In addition to taking risk management steps, all insurance agencies and brokers should have a minimum of $1.0 million in comprehensive Cyber Risk Insurance covering both criminal (hacking) attacks and employee errors. Low-limit endorsements to a package policy and cheap, limited coverage standalone policies are not adequate. Cyber Risk policies vary and can be tailored to cover the exposures needed, including breach costs, forensics, business interruption, loss of funds and crisis management.
Tennant Risk Services is a specialty wholesale broker and underwriting manager, and delivers expertise, markets and exemplary services to our retail insurance agent clients in the placement of professional liability insurance (E&O, D&O, EPL, Cyber). We excel at hard to place accounts. Review our expectations here.