Should I be offering my clients professional liability or cyber liability?

In a perfect world, we know the answer is yes.  We should offer them every coverage available in order to cover our potential E&O exposure, but that is not reality.  So what should you do?

Well, there is not really a way to make your client’s insurance program “airtight”, so you should discuss the GAPS in their program and ask if they want to explore an option to fill them.  Does this mean getting more applications filled out and submitting for quotes? Thank goodness, no.  Otherwise, we might do a lot more “practice quoting” than we need to.  So what should be your plan of action?

  1. You might want to come up with the top 10 insurance gaps or shortfalls in most small business insurance programs. I would put, lack of cyber insurance (network security and privacy) on that list, and depending on what type of service they provide, professional liability insurance.  Of course add higher crime limits, business interruption insurance and insufficient property limits to that list.  Keep in mind this list will evolve over time and you need to stay up to date on changes going on in the industry.
  2. Learn the markets available to you for some of these coverages and get an idea on the minimum premiums for these coverages. Cyber liability can start at $260 a year and professional liability can start as low as $750.  I think your clients may have a much higher expectation of what these coverages cost and by opening their eyes you will them to move forward with taking a serious look at potentially filling these coverage gaps.
  3. Lean more about these coverage options, especially cyber liability. Many agents are not “techies” and do not have a comfort level getting into deep discussions about this coverage.  I took a 9 hour online course to give myself the “building blocks” I needed so that anything I learned would help deepen my knowledge of this type of coverage.  There have been a large number of trade journal articles on this subject in the last few months and they will help to build a comfort level too.
  4. By looking at carrier claim examples and industry loss scenarios, you can have material to discuss with your client.  Most clients do not think it can “ever happen to them” and have not played through loss scenarios, how they would react, how long they might be out of business or how they would recover.
  5. Quick indications. There are a number of markets who have online platforms that allow you to get a quick indication with a minimum amount of information.  You may not be able to get a firm quote, but you will have something more in depth to discuss with your client.
  6. Explore tools out there that help clients realize their actual exposure. There are even some testing services that will help clients realize how “open” they actually are to claims.  There are also tools that can show the actual costs associated with a data breach and how much it would cost them based on how many records where breached.
  7. Purchase it for your own agency. It is always easier to go in with confidence if you believe in the product and carry it in your own agency.  You may be surprised on how little it costs.
  8. Don’t rely on “throw in” coverages that are in many carriers’ enhancement endorsements. A $25,000 limit will be woefully inadequate in the event of a loss.
  9. Ask more questions. Like how much data do they have on their phone, on their laptop or on jump drives?  Do they collect “personally identifiable information”?  Are they subject to specific regulatory or privacy requirements such as HIPAA or red flag rules?
  10. Start to think that these coverages should be an essential part of the client’s complete insurance program and not just an “optional coverage”. Just stating things in this manner may get your clients to start thinking more like you do and head the advice you are giving them.


You have to start somewhere.  You may surprise at how easy this coverage is to sell and how much clients really want and need the coverage.  One of my favorite TV shows now is CSI Cyber.  It alerts me to new and evolving exposures out there and how much the world is connected.  It surprised me that people would want to hack or destroy data but it is just a part of life any more.  Learn a little bit more about these evolving exposures every day and you will build confidence in suggesting this coverage to your clients and properly protecting them.

A list we compiled of all the professional liability exposures out there can be found at:  Over 400 classifications!

Ken Kukral

Kenneth Kukral, CIC – VP of Special Risks – That means, call me if you need help on placing a unique, difficult, large or more complex risk.  800-937-3497 ext 2079

Not enough limits? Time to reassess what crime limits my customers need.


Agents will many times be asked, what limits should my business carry?  This is one of those “loaded” questions and you risk an E&O exposure if you answer directly.  You can always come back with the response, “What limits do you feel comfortable carrying?”, but this won’t really help.  Other answers:

  • Many similar businesses such as your own, carry $X,XXX,XXX limits.
  • I recommend carrying a minimum of $X,XXX,XXX limits.
  • Since we are trying to protect your assets, let’s look at the amount of assets we are trying to protect.

Whatever answer you give, always offer quotes for limits above that so they can see what they cost and they can potentially accept those higher limits.

Where I see the most shortsightedness in terms of both coverage and limits is with crime insurance.  Many times the limits offered under a BOP are not sufficient and the agent fails to offer higher limits.  I believe crime insurance is the most “undersold” coverage that agents handle.  Many clients do not believe they are ever going to have a loss and therefor do not request higher limits than they are offered.

Let me give you some examples of some recent losses to exhibit the point I am trying to make:

  • $3,300,000 embezzled from a school district
  • $728,143 stolen from a trucking company
  • $2,900,000 embezzled by a caregiver of a blind patient
  • $350,500 embezzled from an electrical contractor
  • $20,000,000 embezzled by a credit union CFO
  • $510,000 embezzled by CEO of mental health agency
  • $500,000 embezzled from insurance agency over 10 year period and discovered when the sale of the agency revealed the loss (they only had $10,000 limits under their BOP)
  • $410,000 embezzled by church administrator
  • $5,000,000 embezzled by bank assistant branch manager
  • $8,000,000 embezzled from an industrial processing firm

You can see where I am going with this.  Losses have grown and the thought process behind offering higher limits has not.   We look at general liability limits and property valuation limits and barely give a thought to proper crime insurance limits.  Keep in mind that for every embezzlement news story you hear, there are 5 or 10 that you DO NOT hear about.  Think about it….  Do you want your customers to know that one of your “trusted” employees embezzled from you?   Will they think you don’t have “good controls” in your business and are poorly running it?  If it was a large amount taken over a period of time, would they think you don’t know what is going on in your operation?  Many times in family operations they don’t want this information to get out for fear of hurting the rest of the family or ruining their reputation.

Some statistics for you:

  • 80% of workplace crime is committed by employees
  • One in four employees has either witnessed or committed workplace fraud or abuse
  • One in four employees committing fraud against their employer has been with the company for more than 10 years.
  • Only one in three of those witnessing a workplace crime bothers to report it.
  • The average organization loses 6% of its total annual revenue to fraud and abuse committed by its own employees.

So what should you do?

  1. First, learn more about crime insurance. I have run across very few agents who had an in-depth knowledge of crime insurance and would be able to subsequently explain to a client what they needed to properly cover their operation.  I found one online that would be a good starting point:
  2. Get familiar with the new ISO endorsements that just came out that pick up some of the cyber crime exposures. It is amazing at how much has changed recently and this gives you a good reason to discuss this area with your clients including discussing cyber liability coverage.
  3. Get familiar with your carriers forms since many of them may not use ISO endorsements and their forms may differ from ISO.
  4. Get familiar with the type of losses happening out there and have claims examples ready to show your clients so they can see just how prevalent it is and “it can happen to them”.
  5. Look at monoline crime coverage if your carrier can not offer higher limits or cannot offer the comprehensive crime forms available in the market. If you are going to use more than one carrier, make sure the coverage is coordinated between the carriers.
  6. Always, always, always quote higher limits. This avoids them saying in court in an E&O trial that if they had known it only would cost a little bit more, they would have bought more coverage.

I truly believe this is a coverage area that can “come back and bite you”.  It is viewed more as a fringe coverage and not as essential coverage.  I think you have to view it as a required coverage and then push for sufficient limits.  A uncovered crime loss can put a company out of business!


Ken KukralKenneth Kukral, CIC – VP of Special Risks – That means, call me if you need help on placing a unique, difficult, large or more complex risk.  800-937-3497 ext 2079


How do I start a conversation with my clients about cyber liability?

By Ken Kukral

One of the toughest conversations to have with a client is the conversation where you are trying to get them to consider a coverage they haven’t had before.  The clients first thought is that if I haven’t needed it before, why should I buy it now?  Or they think you are just trying to sell them more “stuff”.  They probably already feel they are “insurance poor” and why should they spend more of their hard earned money on insurance.

The “new insurance” conversation for cyber liability is one you need to have with your clients.  Both first party coverage and third party coverage should be discussed.  While newer (in relative terms to my 26 years in the business) coverage such as EPLI has become pretty much standardized with only a few “bells and whistles” to differentiate the different policies, cyber liability is a wide open area.  It is tough to do side by side comparisons since many of the carriers use different language, have different names for each of the coverage parts and have are very specific in their exclusions.  All this can make your head spin, so what are you to do?

 Well, my recommendation is to approach this “new coverage” discussion with your client in the following manner:

1. Familiarize yourself with the coverage.  You do not need to be an expert to be able to sell this coverage.

2. Set up a checklist of questions to ask your client to assess their exposure to “cyber liability”.  It is hard to “sell them” if you don’t have a good handle on what their exposures are.

3. Probe on what they feel their exposures are or what areas cause them to lose sleep.  These are probably the most important pieces of information you need to gather.  It will also help when approaching carriers to tailor the coverage to fit the client’s needs.  You can better explore the “bells and whistles” of the different cyber liability programs in line with what the “hot buttons” are for your client.

4. Make sure you keep the discussion with your client at their appropriate technology understanding level.  It will be very different when you are dealing with a technology savvy IT Manager versus a more paper and pencil CEO.  Start to get too technical with a technologically illiterate person will only make their eyes glaze over.

5. Be prepared to discuss some of the regulations that they are required to be in compliance with.  Some of these include the Red Flag Rule, Industry specific privacy regulations, state specific notification regulations and data breach regulations.  Also discuss the trust their clients put in them to make sure their information is secure.  For positions such as accountants, lawyers and insurance agents the “trust factor” standard is even higher.  This coverage is there to help them recover from these type of information disasters.

6. You need to commandeer the application through the organization to get the appropriate person to talk to in order to get the information needed.  This may include the CFO, IT Manager and Network Manager.  Leaving an application for them to fill out will not work in this situation.  Give them a deadline when you would like to have it back…. Since I am sure they are busy people.

7. When selecting markets to approach, try to find the one that best fits your client.  Some programs are geared towards specific industries and have been tailored to fit their exposures.  At max, you may want to approach 2 or 3 markets.  Any more than that and you will have trouble comparing the options since they are numerous.  Ideally you want to present one recommendation.  More than that and you will have to be able to explain the differences between the two programs to the client and some of those differences can be minute and very technical.

8. Be able to give some loss examples for each of the coverage parts.  You may want to give one loss example that spans over a number of coverage sections and show the potential costs that can add up in these kind of losses.  If possible find a loss in their specific industry.  This will help it to hit home.

9. Close.  If you have done a good job of uncovering their exposures, the type of losses they can have and how this coverage could save their business from financial ruin, they should be ready to buy.

Don’t wait, if you don’t talk to your clients about this coverage, someone else will or they will read about it.  If you are looking out for their best interests, you need to discuss this valuable coverage with them.