PAR Now Offers Brokers Cyber Coverage
PAR, which is always looking to address changing needs, recently decided to offer cyber risk coverage to members.
“It’s such a necessary coverage going forward,” says Stan Loar of Woodruff-Sawyer & Co. “We do a lot of public companies, and every boardroom is talking about cyber. It’s really spreading quickly. Agencies haven’t really focused that much on it, but they are starting to. It’s still pretty much a U.S. phenomenon, but it is spreading globally as well. I think you’re going to see the whole world needs cyber. E&O has caught on in the last 40 or 50 years, and I think cyber is going to be the same.”
Cyber threats have the potential to create catastrophic losses for businesses and firms of all sizes, including middle-market insurance agencies and brokerages. PAR is known for its quality management program and low loss numbers. As such, cyber will be a considerable undertaking if the organization wants to maintain its standards. PAR has developed the following recommendations for brokerages and agencies when assessing preparedness for potential cyber exposures:
- Carry cyber liability insurance to protect themselves and their clients.
- Conduct a security audit of an agency’s systems at least once every three to five years.
- Designate someone within the business to lead compliance efforts regarding applicable privacy and security mandates. Firms writing business in multiple states should recognize that each state (and the federal government) has its own requirements, and the firms should take appropriate measures to remain in compliance.
- Retain or have ready access to specialist resources to help stay in compliance with all appropriate regulations and to conduct regular data security and privacy compliance audits.
- Conduct an annual review of internal policies and procedures for agency management system access and use.
- Ensure electronic communications with clients are securely encrypted.
- Establish policies for retaining paper and electronic documents and establish internal procedures to make sure they are followed.
- Conduct annual staff training on security and privacy compliance.
- Create an internal crisis management team and conduct frequent training of team members to prepare for a potential incident.
- To protect the client’s reputation in case of an embarrassing breach, retain or access a public relations firm with crisis management experience.
Agencies and brokerages involved in mergers and acquisitions should take additional steps to protect themselves against potential cyber exposures that may be exacerbated by these transactions. PAR suggests the following actions be taken to address potential cyber exposures during M&A:
- Review the acquired firm’s insurance policies to assess its cyber coverage and any gaps in exposure.
- Educate employees on policies and procedures. Prepare an integration plan to transition employees of the acquired firm to adopt policies and procedures of the acquirer.
- Establish a plan to transition the acquired firm to the agency management system used by the acquirer.
- Notify insurance carriers and wholesalers of the acquisition and if and when a name change will take place.
- Notify clients of the acquired brokerage of the change.