Do clients often need assistance with cyber liability applications?

[EAlderson]

Hello all,

I am new to the forum. I run a cyber security company that focuses on preventing, detecting, and responding to security breaches for small to medium sized organizations. I noticed that once in a while clients will rely on our organization for assistance with answering questions on their cyber liability applications. So my questions for the group are:

• Do your client's often require assistance when answering the technical questions on the cyber liability applications?
  • If yes, have you established relationships with vendors to assist clients in correctly completing such applications?
    • If yes, do you also conduct any lunch and learn or webinars on cybersecurity and cyber insurance?

Thanks everyone in advance.

 

[adjusterjack]

Any insurance agent worth his salt will assist his clients in filling out any application for any insurance.

Kinda makes your questions moot.

 

[fed up]

It is included or added to any policy I've ever written

 

[EAlderson]

Thanks for the replies. I appreciate the info. Let me ask this, if I use the below example from travelers

https://www.travelers.com/iw-documents/apps-forms/cyberrisk/cyb-1100-ind-0116.pdf

From a cyber risk perspective how are you determining that a customer has an adequate enough disaster recovery plan or patch management procedures? I'm looking at this from the perspective of say I own a company and I state to an agent 'Yes we have patching procedures' but in reality its happening maybe once or maybe twice a year. Instead of at a higher frequency (e.g. monthly) to limit ones risk exposure. Are agents versed on basic best practices like this? I suppose I'm trying to understand how deep in the details do agents get to confidently understand an organizations susceptibility to a cyber incident to determine the required coverage that they need?

 

[Al3x Lee]

I'm looking at this from the perspective of say I own a company and I state to an agent 'Yes we have patching procedures' but in reality its happening maybe once or maybe twice a year. Instead of at a higher frequency (e.g. monthly) to limit ones risk exposure. Are agents versed on basic best practices like this? I suppose I'm trying to understand how deep in the details do agents get to confidently understand an organizations susceptibility to a cyber incident to determine the required coverage that they need?

The application asks "Which of the following does your client have in place?" with Patch Management Procedures being one of the check boxes. If the application doesn't ask for clarity such as how often, etc, I'm not going to push further than that with the client. Sometimes the insurance company just wants to know some level of that procedures are happening.

If they truly have something that puts them above their peers in the industry we may point that out to an underwriter to present a better risk. While these cyber questions are important you have to realize we may be asking them for tons of other information on their GL, property, auto, workers comp, benefits all at the same time. It's hard to capture a clients attention for all of the little details as cyber liability is usually just a small part of their larger commercial package.

Another thing you'll come to find is that insurance people don't know the intricacies of cyber security and cyber security people don't know the intricacies of insurance.

Your word on cyber liability would probably go further than an insurance agents as your clients probably view you, not their insurance agent, as the expert on cyber security.

 

[marindependent]

Not sure I understand what you are getting at here -but when we quote out insurance products we either verbally go through the application with the client or have them view it themselves. [They are the ones answering the quesitons and need to sign it.] If there are questions concerning the application than we seek additional clarification from the insurer. Sometimes the clarification from the insurer is not helpful and sometimes it is. Some of the insurers have become smarter and have bullet points that expand with more information concerning the question when completeing it online.

In my opinion if the agent knows something to not be true than the agent should not put their name or signature on the app.