Cyber Insurance for Architects and Engineers by Hawley Chester, Aff. SARA

If you’re a designer, architect, or engineer, it’s time to seriously consider cyber liability insurance.

Today we’re digging deep into cyber insurance and how it can work for you and your A&E firm. Cyber insurance is on its way to becoming as important as Professional Liability insurance.

With cyber-attacks becoming increasingly common, especially with the emergence of COVID-19 making the nature of our work more remote, the insurance industry is offering products to match your specific needs.

One of the biggest exposures for architecture, design, and engineering firms is a cyber-attack. A hack or an employee error can cause your firm some serious problems. Since March of 2020, we have seen 4x more attacks from ransomware, phishing, and social engineering. The unfortunate reality is that it’s not a question of if a cyber-attack happens to you, but when.

Cyber insurance isn’t new, but it’s becoming much more prominent. Take car insurance, for example. We know that driving is a high-risk activity, so we insure our cars to make sure that we’re covered. However, we still have this idea that it’s not going to happen to me. But just because you’re a good driver doesn’t mean that accidents can’t happen. The same is true with a cyber-attack. You don’t want to be a small firm that walks in on Monday morning to discover that you have lost control of your system and that your private information is being held for ransom.

In the past, this has been viewed as a big firm problem. Today, it’s an everyone problem.  Sole proprietors are especially at risk. Usually, these individuals have the lowest amount of protection, making them an easy target.  

So how does a cyber insurance policy work?  

Like any insurance policy, pricing is going to depend on:  

  •  Revenues  

  •  Employee Count  

  •  Current risk management systems in place 

The onboarding process for cyber insurance is simple. You will have to give your insurance agent some information about your firm by completing an application, and then they go to work to find the plan that is right for your firm. You might be surprised at how affordable these policies are!

Something to keep in mind is that general liability/professional liability policies might give you the option to add on cyber insurance. Be wary of these add-on plans. They are usually cheap and not comprehensive, and they neglect to cover both first party and third party. These add-on plans usually carry small limits and provide exclusively third-party (client) coverage. They’re unlikely to be able to handle a significant cyber event.

Let’s say you run a 60-employee architecture and design firm. You walk into the office one day, and you’re locked out of all your files with a message waiting that says: “You will not have access to your files unless you give us a million dollars.”

Common Objections:

“We don’t need cyber insurance. We pay for IT security.”

People are the weakest link in an organization’s security chain. Most cyber claims involve some sort of easily preventable human error.

“We don’t collect sensitive data or store personal information.”

Most cyber claims aren’t related to privacy but are carried out by criminals using fraudulent e-mails to divert the transfer of funds. Ransomware can cripple any company’s business by freezing or damaging its computer systems.

“Cyber insurance is too expensive.”

The average cost of a cyber claim has grown to $240,000 in 2022. Can your organization afford an expense that may not only be monetary but may also damage your company’s reputation?

Under cyber insurance, what are the next steps?  

You give your cyber insurance agent a call. The agent will go to work right away, as time is of the essence.  The agent will contact your cyber carrier and they will bring in an expert negotiating team and forensic recovery team.  There will be an analysis of what has been lost. Usually, at this stage, business owners make the troubling realization that they have much more sensitive data than they’d originally known.  Employee social security numbers, health benefits, confidential client information, and other sensitive information tend to reveal themselves rather quickly.  

Once an IT firm is called in, the business owner can be assured that there are backups for their system’s data. This is when the recovery process for files begins. Recovery time will depend on the size of your firm. Usually, this is anywhere from 4 to 8 hours. As a safe estimate, in the event of an attack, you will be down for at least a day. And this is if you are working with a trusted IT firm or IT employee, the best-case scenario. If you don’t have the proper backup systems in place, this can become a much bigger problem. You could be down for several days or more.

If you don’t have cyber insurance, you’re likely going to be paying for everything yourself. This could be catastrophic for your business.  Don’t let a cyber-attack be a knockout punch for your business. Be proactive instead of reactive and protect yourself with cyber insurance.

My firm, Chester & Associates, and I are insurance agents that specialize in writing Architectural and Engineering firms. This is 80% of our business, so we know your industry well. With A&E Professional Liability placements as our niche, Cyber Liability has become a focus of ours in the last five years. We now have a dedicated team that handles all cyber policies in our firm as this has become an area that requires a professional.

We would be happy to speak to you about your cyber concerns and potential needs.

Hawley C. Chester, Aff. SARA

President

Chester & Associates, LLC