cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
vt100
Community Champion

Professional liability insurance for cybersecurity consultants

I've been consulting for the past few years. Primarily, my engagements were through VARs and, as such, were covered by their insurance policies.

 

From time to time I am approached by the clients directly and, as par of the course, am asked to provide them with a copy of my insurance policy certificate.

 

So long as my engagements were confined strictly to the infrastructure architecture, this was a non-issue. It was falling under "Computer Consultant" category, which most insurers have no problem underwriting.

 

But when you add "cybersecurity" as a part of your offerings, there are no takers. Just got off the phone with second SMB insurer that was not interested in underwriting a professional liability portion (i.e. they list it also as "errors and omissions").

 

I'd appreciate the input from those of you who were in the same boat and were able to find the solution.

 

Regards,

Vladimir

10 Replies
Lamont29
Community Champion

Well I am glad you posted this issue. What state are you in? I am doing cyber security consulting as well, but no client that I've had here in Illinois asked me for an insurance policy for cyber. I would be reluctant to take on that kind of responsibility so it would be a moot point for me. Most of the time when I am on those kinds of jobs, it's corp2corp.

 

It would be interesting for me to follow you because I have been hearing a lot about cyber security insurance, but the concept is pretty much in its infancy stage - as much as I know.

 

 

Lamont Robertson
M.S., M.A., CISSP, CISM, CISA, CRISC, CDPSE, MCSE
Badfilemagic
Contributor II

If you’re an IEEE member, they have a professional liability insurance program. I don’t know if it specifically covers “cyber” things though. Were I in need of professional liability insurance, they would likely be my first stop to check out.
-- wdf//CISSP, CSSLP
vt100
Community Champion

I am in New Jersey, but the clients are all over east coast.

 

Surprisingly, the requirement to have the cybersecurity portion of professional liability did not come from the clients, but from recruiting intermediaries that are specializing in C2C engagements where I, (or my LLC), am engaged as a subcontractor.

 

Please let me know what kind of insurance type do you carry, is it a generic IT Consulting with general and professional liability coverage?

 

 

 

 

Baechle
Advocate I


@Badfilemagicwrote:
If you’re an IEEE member, they have a professional liability insurance program. I don’t know if it specifically covers “cyber” things though. Were I in need of professional liability insurance, they would likely be my first stop to check out.

 

When I did consulting, this was the insurance that I carried as well.

Badfilemagic
Contributor II

Are they demanding your company carry cyber insurance, or that you get insured against your client getting hacked due to some misconfiguration?

There is liability insurance for doctors and civil PEs whose screw ups can and will cost lives. I’d assume any general e&o insurance should cover “failure to configure a firewall rule to lock down traffic no one admitted to and scans didn’t show”. But I am not a consultant, so perhaps I’m out of the loop on this
-- wdf//CISSP, CSSLP
Baechle
Advocate I

Vladimir,

 


@vt100wrote:

 

Surprisingly, the requirement to have the cybersecurity portion of professional liability did not come from the clients, but from recruiting intermediaries that are specializing in C2C engagements where I, (or my LLC), am engaged as a subcontractor.

 


Did your recruiter specify what they believed the "cyber security" specific insurance would cover?

 

How do they believe this is different than general Computer Services?

 

Depending on how they word their request for services, they could be stepping over the boundary of what a Security company/professional does who is licensed through the NJ State Police or a Professional Engineer licensed through the NJ State Dept. of Commerce.

 

Sincerely,

 

Eric B.

 

 

Lamont29
Community Champion

Shortly after I replied to this post, I received a call soliciting my interest in cyber security and professional liability insurance. Coincidence? I don’t think so!

 

 

Lamont Robertson
M.S., M.A., CISSP, CISM, CISA, CRISC, CDPSE, MCSE
Baechle
Advocate I

Lamont,

 


@Lamont29wrote:

Shortly after I replied to this post, I received a call soliciting my interest in cyber security and professional liability insurance. Coincidence? I don’t think so!

 

 


Do you mind sharing with us who the carrier/underwriter was?

vt100
Community Champion

It was actually the Insurers who are interested in scope of services I am providing, not the contractors that are trying to have me as a sub.

 

Cybersecurity liability for third party was actually my requirement and it looks like I am able to actually get the policy underwritten with: "THIS QUOTE INCLUDES 3RD PARTY CYBER LIABILITY COVERAGE UP TO POLICY LIMITS AND 1ST PARTY CYBER LIABILITY COVERAGE UP TO $100,000 SUBLIMIT. "

 

Where third party CLC policy limit is $1,000,000.00 per incident and $2,000,000.00 total.