720-891-1663

Cyber Insurance Services


As cyber insurance becomes more important to companies in all industries, it is critical to businesses that the coverage that they have meets their business needs.

Unlike many forms of insurance, cyber risk insurance is not what is called a "standard form policy." What this means is that two policies that seem to be the same may not be the same.

Two examples - Cottage Health, a small hospital system based in California, suffered a breach and their insurance carrier, CNA, paid a $4 million claim. But then CNA said that they wanted their money back - that Cottage did not follow the "minimum required practices" and therefore did not comply with the terms of the policy - hence no coverage. That is being negotiated in court and with very expensive lawyers right now.

Another example, Galen Hayes of Hayes Insurance Agency said that he is seeing significant third party (like your cloud providers) claim activity in his cyber insurance practice. Since many cyber insurance policies are premises specific and do not cover losses due to a third party being hacked, information stored in the cloud or at a third party may not be covered--unless you have purchased that specific coverage.

Of course, that third party vendor should also have insurance. SHOULD have. And they should have enough coverage. If only one of the third party provider's customer's data is breached, they may have enough coverage, but if all of their clients are hacked, then they may not have enough coverage. Galen says that some providers decide to save money on the insurance premium and not buy sufficient coverage.

Every business needs to understand what they are covered for and what they are exposed to. Our cyber insurance risk assessment will review your coverage and identify potential gaps so that you can make an intelligent business decision regarding risk. In addition, we will review your application and policy to identify situations like the one Cottage Health fell victim to.

In addition, we can review your existing vendor risk management program or help you create a vendor risk management program. The lack of an effective VRM program was likely the source of the mess that Cottage Health is in right now.

When a business buys insurance, they think they are covered. With cyber risk insurance, that is not always the case.

Cottage Health is being the "canary in the coal mine" for other businesses that think they are covered. Are you covered for the risks that you have?

Call us today for more information!

z z