FAQs

A cyber incident is an “event that could jeopardize the confidentiality, integrity, or availability of digital information or information systems” (U.S. Department of Homeland Security).Common types of cyber incidents include:

• Data breaches
  Threat actors expose confidential and/or legally protected information.
• Malware attacks, including ransomware attacks
  Threat actors access and encrypt data and systems, rendering them unusable and demanding payment for decryption.
• Social engineering attacks
  Threat actors exploit human error to gain unauthorized access to systems and data.
• Denial of service attacks
  Threat actors overwhelm servers, systems, and networks with traffic to slow or stop them altogether.
• Cyber fraud
  Threat actors transfer funds out of their targets’ accounts without authorization or under false pretenses.This list is not exhaustive, and cyber incidents increasingly “blur the lines” between these categories.

Although the cyber risk landscape is constantly changing, some threats are perennial. ProWriters can help you and your clients stay “in the know” about current trends and emerging threats.

Read More:

• Biggest Cyber Threats to Watch Out for in 2023

Social engineering attacks, sometimes called “human hacking,” exploit human interaction and error to succeed. They are among the most damaging cyber attacks businesses and organizations face, since resulting damages can reach into the billions, and organizations of all sizes can fall victim to them.

Read More:

• How Is Social Engineering Impacting Businesses?

“Phishing is a type of online scam that targets consumers by sending them an email that appears to be from a well-known source—an internet service provider, a bank, or a mortgage company, for example. It asks the consumer to provide personal identifying information. Then a scammer uses the information to open new accounts or invade the consumer’s existing accounts” (Federal Trade Commission).

If you check your email spam inbox, you’re bound to find hundreds of phishing emails. Don’t open them! They can do serious damage to your computer system and your private information.

Read More:

• Phishing Email Liabilities Can Cost Thousands

A Cyber Liability Insurance policy covers costs the policyholder incurs as the result of having suffered a data breach or other cyber incident.

Policies generally cover both first-party and third-party costs.

Covered first-party costs may include:

• IT forensics to determine the incident’s source and scope
• Ransomware payments
• Business interruption
• Rebuilding a compromised network and replacing affected devices
• Notifying affected customers
• Providing credit monitoring to affected customers
• Public relations efforts to protect the targeted business’s reputation

Covered third-party costs may include the costs of defending and settling claims related to:

• Breach of personally identifiable information (PII)
• Breach of contract
• Transmission of software viruses
• Denial of service

In the past, Cyber Insurance was most appropriate for businesses holding PII: bank information (credit card and checking account numbers), Social Security numbers, driver’s license numbers, medical information covered under HIPAA, or confidential corporate information.

However, the dramatic proliferation and increasing sophistication of cyber incidents—especially ransomware attacks, social engineering, and fraud—mean any business using internet-connected computers should have Cyber Insurance. This coverage is now crucial for all businesses, especially small businesses that usually lack the financial resources to cover cyber incident costs on their own.

Read More:

• How Can a Cyber Liability Policy Protect Your Organization?
• Common Objections to Cyber Coverage—And Why Cyber Insurance Is Worth It

Start by telling your clients a realistic, relevant story about a cyber incident and the scope of its possible financial consequences. Tell them about actual cyber incidents from their own industry. Then explain how Cyber Insurance not only protects them against such consequences but also gives them peace of mind.

Read More:

• How to Sell Cyber Insurance to Your Clients
• The Expert Guide to Selling Cyber Liability Insurance

News reports of cyber attacks growing more dangerous may sound exaggerated. However, they are absolutely true. At ProWriters, we understand how serious cyber security threats have become and that you need concrete examples to help clients appreciate the risk.

Read More:

• Policies in Action: 3 Cyber Liability Insurance Claim Examples
• “Cyber Risk by Industry” in ProWriters’ Broker Resources

Vetting Cyber Insurance companies and finding the right policy can be difficult. ProWriters uses our industry expertise to create tools and processes, including our proprietary Cyber IQ Comparative Rate Platform, that make it simple to find policies that match your clients’ needs and budget.

Read More:

• Compare Cyber Insurance Companies Quickly and Easily

Commercial General Liability (CGL) policies do not cover cyber exposures, despite the growing need for Cyber Insurance coverage.

Read More:

• Does a Commercial General Liability (CGL) Policy Cover Cyber?

Created by the major players in the Payment Card Industry (PCI), including Visa, Mastercard, and American Express, these standards are meant to protect sensitive consumer data. They apply to businesses of all sizes. If your clients accept even one credit card payment, they will need to follow these rules.

Read More:

• PCI Compliance for Small Businesses: Protect Yourself With Cyber Insurance

Some business clients understand their exposure, but many don’t—or they incorrectly think the issue is no longer theirs because they’ve outsourced this service. Retailers need to make sure they have adequate coverage based on how many transactions they process, and most of this task falls to their insurance broker.

Read More:

• Retailers—A Complex Cyber Exposure

The risks of third-party liability claims could be detrimental or devastating to an organization, so it’s imperative they select the most capable cyber security vendors to assist in the event of a data breach or other cyber incident.

Read More:

• Selecting Capable Vendors for Your Third-Party Cyber Liability Policy

Put into effect in 2018, the General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world, imposing obligations on organizations anywhere that target or collect data related to people in the European Union.

Read More:

• The Cost of GDPR Compliance Violations Outside the EU

Surveys show the majority of business leaders are confident in their cyber security. Yet data breaches and other cyber incidents keep rising. This disconnect suggests dangerous overconfidence and a false sense of security.

Read More:

• Five Common Cyber Security Myths Debunked

Our always growing library of broker resources and our Cyber Insurance Blog will help you better understand the professional and management risks, especially cyber risk, your business clients face; increase your knowledge of trends affecting today’s market; and develop your authority as an expert your clients trust for practical risk management advice and robust, relevant policies.

We get this question a lot. The short answer is YES.

Read More:

• Why Data Breach Insurance Is “Worth It” To SMBs

Errors & Omissions (E&O) Insurance covers your company in the event a client alleges error or negligence on your part and intends to hold you responsible for a service you provided (or failed to provide) that didn’t bring expected or promised results. Some professions—especially accountants, doctors, and lawyers—refer to E&O as malpractice insurance.

Read More:

• E&O Claims Examples

Any business providing a service needs E&O Insurance. Any firm providing professional services for a fee qualifies for E&O Insurance.

Examples include:

• Doctors
• Lawyers
• Accountants
• Architects
• Engineers
• Real estate agencies
• Home inspectors
• Property managers
• Insurance agents
• Health care facilities
• Technology companies
• Other licensed professionals and consultants

Your clients should purchase E&O Insurance before taking on the risk associated with providing their services. A policy should be part of the cost of doing business. Contracts often require it, and it can also be a selling point your clients use to attract new customers.

A retroactive date ensures a policy provides coverage for prior acts committed by the insured. It typically reflects the first date the insured purchased and continually maintained E&O coverage.

ProWriters’ underwriters have averaged more than 15 years serving the E&O marketplace. We have underwriting authority for several insurance companies, as well as brokerage arrangements with many others in the event we are unable to underwrite the risk ourselves.

Any and all businesses providing technology services—including software developers, IT consultants, managed service providers (MSPs), and more—need Tech E&O. Tech E&O policies usually feature very broad definitions of technology services.

Read More:

• What is Technology Errors and Omissions Insurance?
• Tech E&O Coverage: What Your Clients Need to Know

Tech E&O relates to any actual or alleged negligence, error, or omission of the insured in regards to their technology services. Cyber relates to a breach of the insured’s network. Though the two are distinct lines of coverage, they’re often written in conjunction with each other.

Read More:

• Why Tech Companies Need Tech E&O with Cyber Insurance

Tech E&O and Cyber don’t have to be written together, but at ProWriters, we strongly recommend it. There can be some gray areas between the two lines’ coverage triggers, so covering them both on the same form with a single carrier is best.

Depending on the carrier, yes. Some of our carriers can add coverage for miscellaneous professional services on their Tech E&O forms.

Theoretically, no, although some classes—MSPs, internet service providers (ISPs), dating apps, and others—are tougher than others. However, we do have outlets who will consider underwriting such risks.

Employment Practices Liability Insurance covers businesses when employees make claims regarding violations of their civil rights.

Read More:

• EPL Insurance Isn’t Optional For Your Business Clients

For EPL purposes, the following categories of workers are considered employees: W2 employees, part-time employees, leased employees, volunteers, and independent contractors.

EPL policies typically cover claims related to:

• Third-party liability
• Wage and hour
• Employee privacy violations
• Workplace violence
• Immigration Reform and Control Act (IRCA) violations
• Americans with Disabilities Act (ADA) violations
• Management lines

Typically, EPL coverage is worldwide, but claims must be brought in the United States.

Your business clients need at least one employee, other than the owner, for you to quote them a policy.

Directors and Officers (D&O) Liability Insurance, also known as Management Liability, covers the company, individual directors, and officers for any liability resulting from the company’s management. A D&O policy can also help attract investors and experienced executives.

Read More:

• How to Explain Directors and Officers Insurance
• D&O Insurance for Nonprofits

D&O policies cover all duly elected or appointed directors, trustees, governors, managers, officers, advisory directors, advisory board members, or members of a duly constituted committee or board of the insured company, or their functional equivalent; or one or more natural persons assigned titles or positions functionally equivalent to directors or officers.

Read More:

• A Guide to Determine How Much D&O Insurance Is Enough for Your Client

Coverages that can be packaged with D&O coverage include:

• Employment Practices Liability (EPL)
• Crime
• Fiduciary
• Kidnap and Ransom
• Employed Lawyers