Topic Thread

CYBER Insurance

  • 1.  CYBER Insurance

    Posted 08-09-2018 09:14
    Our insurance agent has proposed adding a CYBER policy for renewal.  Any pros/cons I should be aware of?  Is this something in place at your companies?  Thanks for your response.

    David Redding CPA MBA CGMA
    Corporate Controller
    Holland Construction Corp.
    Westminster MD
    (443) 340-1119

  • 2.  RE: CYBER Insurance

    Posted 08-10-2018 08:23
    We definitely have one, well worth it in today's world.

    John Elsnau
    Director of Finance and Administration
    Eckhardt & Johnson, Inc.
    Manchester NH
    (603) 622-7493

  • 3.  RE: CYBER Insurance

    Posted 08-10-2018 09:03
    Great questions, David. As a broker, we are highly encouraging all of our clients, regardless of industry, to consider a cyber policy. There has been a sharp rise in the frequency of cyber attacks, and businesses of all sizes are being targeted.

    Some of the biggest concerns to construction and contractors are having their information being held for ransom (also known as Ransomware), having their BIM systems corrupted, losing confidential information of other companies (i.e. trade secrets, schematics, etc), and having their employee's confidential information accessed. 

    WWW.AJG.COM/CYBER will give you more insight into the emerging risks and important considerations for your program.

    John Fitzgerald
    Sr. Account Executive
    Grand Rapids MI
    (517) 898-0839

  • 4.  RE: CYBER Insurance

    Posted 08-10-2018 11:50
    We see more clients adding cyber policy.  Cyber attacks are becoming more prevalent and costing companies a lot of money in the form of ransomware and lost productivity.  Premiums on cyber policy are reasonable and a good way to insure damages caused by those cyber attacks.

    Zeeshan Malik CCIFP, CPA
    Audit Director
    Katz, Sapper & Miller, LLP
    Indianapolis IN
    (317) 452-1040

  • 5.  RE: CYBER Insurance

    Posted 08-13-2018 17:19

    Hello David,

    Cyber insurance is a good idea.  You will need to make sure that the policy will cover the company regardless of the cause.  According to an HBR Article "The role that insiders play in the vulnerability of all sizes of corporations is massive and growing."

    Here is an excerpt from an article published by Linford & Company LLP

    "When one thinks of an insider threat, they usually picture an angry ex-employee or a spy out to do harm, but there are multiple different types of insider threats. They can range from the careless employees to that previously mentioned spy. An insider threat is a threat to an organization from employees, former employees, contractors, or business associates. These users have inside information of the organization's security practices, data, and computer systems. Insiders can be either be malicious or unknowing in their motivations.

    • The Unskilled – These are trusted employees that have access to privileged data or systems but do not really have the skills or knowledge to manage it. For example, it may be a system admin that has never worked on web servers before but is asked to implement a new web portal and is not familiar with how to secure the server.
    • The Careless – These are trusted employees that are not out to harm the company but are either looking to make their job easier (emailing a DB file to their home computer to work offline or setting up a group account so everyone can access a tool or data) or are just not paying attention (picking up a USB drive on the ground and plugging it in or clicking on a phishing email).
    • The Angry – These are trusted employees that are out to intentionally try to harm the organization. They are usually disgruntled and don't feel the company values them (i.e. low pay, passed up for a promotion, or not recognized).
    • The Outgoing – Nope, not outgoing as in fun and exciting, but outgoing as they are trusted employees that are planning to leave the organization and are acting for their own personal gain. This is very common in financial or commercial institutions where an employee takes the client list or grabs intellectual property before taking off.
    • The Spy – These are trusted employees that either planted at an organization to steal intellectual property, money, clients, etc. or were decent employees that was recruited or intimidated into providing data they have access to for fortune, fear, and/or glory."

    Unfortunately, the insurance is not a means to an end.  Companies must evaluate the risk and understand its impact, then take steps to mitigate as much of the risk as possible.  Here is another article you may find useful -
    How to Perform a Cyber Security Risk Assessment and Understand the Data Obtained From It

    Varoujan Adamian
    Principal Consultant
    Burbank, CA
    (818) 201-5111

  • 6.  RE: CYBER Insurance

    Posted 08-14-2018 11:13

    I would start by looking at what coverage you already have in your other various policies. I found that there is a lot of coverage already buried in my existing policies but also became aware of a gap in coverage.

    We have always had your traditional "EDP" coverage that was spread out between a number of different policies;
    • Our property policy covers the direct physical loss of EDP equipment and data,
    • our Crime policy covers matters that involve computer fraud. This includes two loss types:
      • "Computer fraud", i.e. theft directly through the use of computers or a computer network, and
      • "Fraudulent Transit Instructions" 
    • our Employment Practices policy affords limited coverage for claims for a breach of privacy and
    • the Directors & Officers coverage also provides limited "crisis management expense" coverage for network security breaches.
    This is all good stuff but what is missing here was coverage for damages to a third party. So, about 2 years ago I purchased a Cyber security policy from Travelers that covers this specific risk.

    One thing to also consider is that the most common Cyber security issue is social not electronic so you want your coverage to provide protection from both. It's one thing to have someone get into your network and send a bogus email from the President in a phishing attack, causing no real damage, but it's another thing to have a finance employee act on a bogus email and wire funds. Only awareness, Cyber risk training and strong internal controls will mitigate this type of risk.

    Stay safe out there.

    Michael Grant CPA
    Chief Financial Officer
    Cahill Contractors
    San Francisco CA
    (415) 986-0600

  • 7.  RE: CYBER Insurance

    Posted 08-15-2018 08:44


    Have seen good responses from all who have weighed in so far.  Though your question is specific to Cyber Insurance, I'd like to note and recommend something that has not yet been brought into the discussion.  While a Cyber insurance policy is highly recommended in today's world of the "Internet of Things", the exposure creates a critical need for an organization to bring your IT person/dept into the mix and develop solid risk management practices and protocols specific to your cyber exposure.  Be cognizant that sometimes the IT person/dept takes a defensive posture and may feel you are a threat to them, but discuss the fact that you need them as an asset to your risk management team to protect against things for which you are not equipped to deal with on your own.  Part of the process may involve periodic "tests" of employee responses to sample bogus e-mails or an outside consultant analyzing and testing your IT dept defenses.
    Point here is that there is no replacing diligent risk management planning and continual review of such and modification as dictated by the current and projected risk factors.
    And lastly back to the cyber insurance itself.  There are numerous forms with no real standard.  Seek to work with a broker that has experience to help you craft coverage that best fits your firms exposures.

    Marc Holland CIC
    Sr VP / Construction Practice Leader
    Toledo OH
    (419) 259-2720

  • 8.  RE: CYBER Insurance

    Posted 09-19-2018 13:57
    Absolutely!  Cyberinsurance is essential in today's climate...we have it.  Protection well worth the price tag.  -Christy

    Christy Gendalia
    Director of Finance & Operations
    Kings Capital Construction Group, Inc.
    Tarrytown NY
    (914) 266-8260

  • 9.  RE: CYBER Insurance

    Posted 09-28-2018 13:47
    Do any of those contractors who have a Cyber insurance policy, have recommendations on an insurance company?  We have been provided quotes from BCS, Travelers, Axis and Hiscox but don't know much about the track record with claims.

    Have any of you worked with any of these companies?  And if so, have any claims been made and what was your experience?

    Thank you.

    Colleen Seeley CCIFP
    SDV Construction
    Corrales NM
    (505) 883-3176

  • 10.  RE: CYBER Insurance

    Posted 10-09-2018 14:31
    We have CYBER insurance through Liberty. Fortunately, we haven't had to use it yet.

    Bobby Redinger CPA, CCIFP
    Timberlake Construction
    Oklahoma City OK
    (405) 840-2521

  • 11.  RE: CYBER Insurance

    Posted 10-10-2018 13:11
    Has anyone had experience with BCI or Travelers' cyber insurance?

    Colleen Seeley CCIFP
    SDV Construction
    Corrales NM
    (505) 883-3176

  • 12.  RE: CYBER Insurance

    Posted 10-11-2018 16:55
    Hi Colleen,

    We have Travelers' cyber insurance.  Feel free to give me a call if you would like to discuss.


    Owen Wyss, CPA
    Financial Controller
    Thompson Concrete, Ltd.
    Carroll OH
    (740) 756-7256