I've been consulting for the past few years. Primarily, my engagements were through VARs and, as such, were covered by their insurance policies.
From time to time I am approached by the clients directly and, as par of the course, am asked to provide them with a copy of my insurance policy certificate.
So long as my engagements were confined strictly to the infrastructure architecture, this was a non-issue. It was falling under "Computer Consultant" category, which most insurers have no problem underwriting.
But when you add "cybersecurity" as a part of your offerings, there are no takers. Just got off the phone with second SMB insurer that was not interested in underwriting a professional liability portion (i.e. they list it also as "errors and omissions").
I'd appreciate the input from those of you who were in the same boat and were able to find the solution.
Regards,
Vladimir
Well I am glad you posted this issue. What state are you in? I am doing cyber security consulting as well, but no client that I've had here in Illinois asked me for an insurance policy for cyber. I would be reluctant to take on that kind of responsibility so it would be a moot point for me. Most of the time when I am on those kinds of jobs, it's corp2corp.
It would be interesting for me to follow you because I have been hearing a lot about cyber security insurance, but the concept is pretty much in its infancy stage - as much as I know.
I am in New Jersey, but the clients are all over east coast.
Surprisingly, the requirement to have the cybersecurity portion of professional liability did not come from the clients, but from recruiting intermediaries that are specializing in C2C engagements where I, (or my LLC), am engaged as a subcontractor.
Please let me know what kind of insurance type do you carry, is it a generic IT Consulting with general and professional liability coverage?
@Badfilemagicwrote:
If you’re an IEEE member, they have a professional liability insurance program. I don’t know if it specifically covers “cyber” things though. Were I in need of professional liability insurance, they would likely be my first stop to check out.
When I did consulting, this was the insurance that I carried as well.
Vladimir,
@vt100wrote:
Surprisingly, the requirement to have the cybersecurity portion of professional liability did not come from the clients, but from recruiting intermediaries that are specializing in C2C engagements where I, (or my LLC), am engaged as a subcontractor.
Did your recruiter specify what they believed the "cyber security" specific insurance would cover?
How do they believe this is different than general Computer Services?
Depending on how they word their request for services, they could be stepping over the boundary of what a Security company/professional does who is licensed through the NJ State Police or a Professional Engineer licensed through the NJ State Dept. of Commerce.
Sincerely,
Eric B.
Shortly after I replied to this post, I received a call soliciting my interest in cyber security and professional liability insurance. Coincidence? I don’t think so!
Lamont,
@Lamont29wrote:Shortly after I replied to this post, I received a call soliciting my interest in cyber security and professional liability insurance. Coincidence? I don’t think so!
Do you mind sharing with us who the carrier/underwriter was?
It was actually the Insurers who are interested in scope of services I am providing, not the contractors that are trying to have me as a sub.
Cybersecurity liability for third party was actually my requirement and it looks like I am able to actually get the policy underwritten with: "THIS QUOTE INCLUDES 3RD PARTY CYBER LIABILITY COVERAGE UP TO POLICY LIMITS AND 1ST PARTY CYBER LIABILITY COVERAGE UP TO $100,000 SUBLIMIT. "
Where third party CLC policy limit is $1,000,000.00 per incident and $2,000,000.00 total.