1. Secure and maintain your own Cyber Insurance policy. Don’t be fooled by thinking that you have “coverage” under your commercial Business owner’s Policy [aka BOP]. It’s possible that you have a small sub-limit for some aspects of a cyber-type claim, but our knowledge indicates that such coverage is extremely limited and coverage would be triggered in a “fact specific” manner.
2. Request a Certificate of Insurance naming your firm as additionally insured under your IT Consultancy’s General Liability policy. If you do not already have a written contract with your consultancy that contains an indemnity in your favor.
3. Do not believe in the efficacy of Cyber Coverage embedded into a Professional Liability policy. While it is true that some carriers “include” some basic “cyber coverages”, the reality is that:
- Such coverage is an extremely watered-down version of the coverage you need.
- Worse yet, this limited coverage was “bolted on” to the PL policy and typically is severely lacking. You need a response in hours, not days. How the first few hours of the Cyber Claim are managed can make the difference between a quick recovery and days or weeks of down-time.
- A cyber loss on your Professional Liability policy will serve to raise your future Professional Liability costs. A firm paying $20k for their Professional Liability policy that suffers a $150k cyber loss may see their costs rise 10-20% as a result. This seems patently unfair considering 95% of the coverage under your Professional Liability policy is for insuring against PROFESSIONAL SERVICES losses. While you are happy to have some “coverage” in the event of a loss, for the same of less premium dollars a more robust and dedicated limit of Cyber Coverage could have been secured in the form of a stand-alone Cyber policy.