


Five Things to Consider When Evaluating Your Cyber Risk

2018 was a banner year for big data breaches. Some of the biggest include Facebook, T-Mobile, Marriott and Ticketfly, just to name a few.  Millions of people had their personal data compromised, including locations, contacts, device information, addresses, phone numbers, and credit card information. 

We have all heard about these large cyber hacks, some of which may have even affected you personally. But what most do not hear about are the small, everyday businesses that fall victim to data breaches, and the effects are devastating.

Whether a company is private, non-profit or public, all types of businesses are at risk. Here are some basic tips you can share with your clients on how to evaluate their company's cyber exposure.  

1. Identify your exposures. When we think of cyber risk, network security and privacy incidents come to mind. By identifying your exposures to the risk, you can develop a plan of action. Exposures can include employees, clients, company and confidential information. How is this private information handled in your firm? Another potential exposure source is your website. What content do you store there? All this information is subject to a breach with consequences. Can an employee log in to your system from anywhere? Could a rogue employee hack into your system after termination and steal or compromise sensitive company information? What about clients who have access to enter your system? All these situations are considered exposures that could contribute to a breach.

2. Examine your data storage system. Once you have identified sources of exposure for a breach, consider how you store information from your site and captured information. Do you operate your network or outsource this to a vendor? Remember, a data breach can also include physical paper documents that have been exposed. We’ve all heard about the typical scenario of a data breach from hackers who are never identified or caught. Cyber thieves can try to extort information by holding systems for ransom and shutting down operations until payment is made. They may steal private personal information, which means you must follow the protocols for notification of a breach. Small businesses are affected every day by these hacks which never make the news. 

3. Evaluate your current cyber insurance policy. Take a close look at your cyber insurance policy and determine the triggers for coverage to apply. If you do not have a cyber policy in place, consider the costs to mitigate a claim versus transferring this risk through an insurance policy. With this understanding of cyber risk, what should you look for in a comprehensive cyber policy provided by your insurance professional? You should be looking for policy wording that includes responding on a discovery basis with no retroactive date. Consider deeming your cyber policy as primary to respond should you have a sublimit of cyber on your BOP policy where coverage is minimal, due to the “other insurance” clause. Is the insurance carrier able to manuscript endorsements as unique situations to your company arise? Also, does the policy language limit knowledge to the executive officers (the preferred wording) and provide a carve-back of coverage for the rogue employee?

4. Consider your risk management processes. Cyber risk consists of network security and privacy incident. In a security failure, your company failed to protect its system, leaving it open to attack by a virus, code or ransomware. In a privacy incident, your company failed to protect your computer systems, private information, or both. In addition to the actual coverage of a cyber policy, what risk management services are offered to help prevent and strategize against a breach? Do you have a plan in place to respond to a network or data breach incident? Do you have access to qualified pre-breach expert consultants with tools such as notification guides and white papers? 

5. Be aware of breach notification requirements. If you’re struck by a data breach, you will need to hire forensic investigators, legal counsel and a public relations firm to determine your liability and notify those affected of a breach. Class-action lawsuits by customers whose information you have compromised, as well as regulatory investigations for violations of the law, also need to be taken into consideration. Additionally, specific definitions in cyber policies do not translate the same in other cyber policies, so you’ll need to carefully evaluate terms and coverage. That’s why it’s best to review all these items with your insurance professional to initiate a plan of action or evaluate your current one.

Every day we hear about another company that’s been hit by a cyber breach. How have your clients planned to handle the expenses their company could sustain from a cyber incident?  Do they have the funds to contain a network security failure or privacy incident or have they transferred this risk to a cyber liability policy? Now is the perfect time to sit down with your clients and help evaluate and protect their liability exposure in the world of cyber. 

Jennifer Dumont, RPLU, CIC is a Senior Vice President with Atlantic Risk Specialists, a full-service wholesaler and managing general agent with offices in NJ, NY and FL that specializes in brokerage, professional lines, workers compensation and programs.  She has over 25 years industry experience and specializes in professional lines placements and consulting. She can be reached at 941-962-9968 or

