Reduce your risk with this Cyber Security Checklist!

Brought to you by:

Please use the live checklist below to help you assess your risk. Or to download a printable version click here.

Checklist Questions

Do you have a firewall (ie. device that monitors inbound and outbound traffic to a firm’s network) installed?

Do employees have remote access to your firm’s internal network (eg. access to files on a share drive)?

Is 2+ factor authentication utilized when employees access your internal network remotely?

Does your website have a SSL certificate installed (ie. Does your website have https:// in front of the site’s domain name instead of http://)?

Do you have a password policy in place for employees that requires complexity (ie. passwords that includes the use of special characters, uppercase, lowercase, and numbers)?

Are all operating systems and applications up to date (eg. updates to Microsoft Programs and other systems on your computer)?

Are files backed up regularly both onsite (eg. physical hard drive) and offsite (eg. external data center)?

Are employees regularly trained on cyber security (ex. emails sent out regularly or required classroom sessions)?

If your firm utilizes an outsourced IT vendor, do they maintain their own insurance?

Does your firm have a Certificate of Insurance (COI) on file naming your firm as additionally insured from your outsourced IT company?

Does your firm maintain its own Cyber Insurance policy that is solely for cyber exposures (eg. A cyber policy that is not part of your Professional Liability policy)?

Are cyber security audits performed on your network on a regular basis?

Your Cyber Security Score based on this checklist is a _ / 12

To learn how to further minimize your risk or to request Cyber Insurance Coverage, please call us at (866) 737-7683, or contact us.

Steps for Pro-active Protection

1. Secure and maintain your own Cyber Insurance policy. Don’t be fooled by thinking that you have “coverage” under your commercial Business owner’s Policy [aka BOP]. It’s possible that you have a small sub-limit for some aspects of a cyber-type claim, but our knowledge indicates that such coverage is extremely limited and coverage would be triggered in a “fact specific” manner.

2. Request a Certificate of Insurance naming your firm as additionally insured under your IT Consultancy’s General Liability policy. If you do not already have a written contract with your consultancy that contains an indemnity in your favor.

3. Do not believe in the efficacy of Cyber Coverage embedded into a Professional Liability policy. While it is true that some carriers “include” some basic “cyber coverages”, the reality is that:

  • Such coverage is an extremely watered-down version of the coverage you need.
  • Worse yet, this limited coverage was “bolted on” to the PL policy and typically is severely lacking. You need a response in hours, not days. How the first few hours of the Cyber Claim are managed can make the difference between a quick recovery and days or weeks of down-time. 
  • A cyber loss on your Professional Liability policy will serve to raise your future Professional Liability costs. A firm paying $20k for their Professional Liability policy that suffers a $150k cyber loss may see their costs rise 10-20% as a result. This seems patently unfair considering 95% of the coverage under your Professional Liability policy is for insuring against PROFESSIONAL SERVICES losses. While you are happy to have some “coverage” in the event of a loss, for the same of less premium dollars a more robust and dedicated limit of Cyber Coverage could have been secured in the form of a stand-alone Cyber policy.

Cyber Coverage for the Masses

Risk of loss from a Cyber-attack are “uncorrelated” with your size / profile / region / service or general expertise. Instead, the correlating factor is an internet connection. Polling amongst multiple Cyber Insurance underwriters identifies the A&E community as maintaining a relatively “low-risk” cyber-attack profile. [As opposed to Banks [i.e. Capitol One recently]; hospitals; schools and municipal entities [Baltimore and Riviera Beach, FL]. Fenner & Esler Insurance Agency is excited to announce that we have brokered an agreement with a major [international] leader in Cyber Insurance to provide: 1. Market Leading Protection 2. Guaranteed Price Program to all A&E firms throughout the country. The program parameters are simple. ***ANY FIRM WITH $3M OR LESS IN TRAILING REVENUES CAN HAVE A $1M CYBER POLICY FOR $1,000 ANNUAL.***

You Can Have Coverage In Place In +24 Hours

Its That Simple.


Coverage Includes

$1m – Breach Response
$1m – Business Interruption
$1m – Cyber Extortion
$1m – Data Recovery
$1m – Data / Network Liability
$1m – Regulatory Defense
$1m – PCI / Payment Card
$1m – Media Liability
$250k – Funds Transfer
$1k – deductible
$1,000 = annual premium

There is no longer an excuse to not maintain this coverage. With interconnected and wired businesses, the potential for significant loss from unexpected sources has greatly increased.