Insurance Solutions

Cyber Risk

As Cyber Risk increasingly becomes the most common threat, cyber risk insurance helps defray the costs of a breach and offers vital remediation and mitigation support during the recovery phase. Risk Cooperative understands that each organization has its own unique cyber risk profile, and an out of the box solution may not work. Our cyber specialist team has worked to develop a suite of cyber insurance and risk transfer solutions that can be customized to meet specific client needs.

"*" indicates required fields

Cyber Services

Stand-Alone Cyber Insurance

Provides comprehensive liability coverage and breach response resources helping organizations manage and mitigate a cyber breach event. Key coverage components include:

Security and Privacy Liability Coverage (Including Employee Privacy):

Damages and claims expense payments from either a security wrongful act, privacy breach or security breach

Security Breach Response Coverage:

A breach response panel of specialist resources to respond to a cyber intrusion resulting in a security breach or privacy breach

Security Breach Assessment:

Coverage for analysis of systems following a security breach with respect to personal, non-public information

Multimedia Liability:

Coverage for damages and expenses legally obligated to pay arising out of a multimedia wrongful act

Privacy Regulatory Claims Coverage:

Coverage resulting in regulatory claim arising out of a privacy breach or security breach

PCI-DSS Assessment Coverage:

Coverage for amounts legally obligated to pay as a PCI DSS Assessment resulting from a security breach

Cyber Extortion Coverage:

Reimbursement for cyber extortion expenses and payments directly resulting from a cyber extortion threat

Business Income Interruption:

Coverage for income earnings loss sustained during a period of restoration resulting directly from a network disruption

Reputational Harm Loss:

Coverage for reputational harm, earnings loss and/or expenses loss sustained during a period of restoration resulting directly from a network disruption

Digital Asset Restoration Costs:

Reimbursement for the restoration costs incurred due to the alteration, destruction, damage, or loss of digital assets

Specifically tailored to address the unique exposures presented by technology companies, this coverage that protects against third-party lawsuits by a customer(s) following discovery of an error or omission in the technology.

Intellectual Property Infringement

Protection for intellectual property infringement that arises after advertising your services in print, online, or on social media.

Cyber Stop Loss

For organizations, governments, states or municipalities requiring a customized higher limit program, Risk Cooperative is able to design cyber stop loss solutions. These are designed to work with an organizations risk appetite and threshold as it relates to cyber risk, taking into account the overall cybersecurity framework and technology stack into the underwriting determination. This approach enables us to design coverage for even the most challenging industry clients.

Cyber Warranty and Indemnification

Risk Cooperative has pioneered a unique new cyber warranty and indemnification solution designed to work alongside cybersecurity technology firms and managed service providers. Our team’s expertise in the cybersecurity domain allows us to vet the efficacy of cybersecurity technology platforms and managed service providers, and then design a customized cyber insurance program to work alongside their offering. This program is a highly customized and consultative engagement designed to integrate seamlessly into our partners business model. Our cyber warranty and indemnification program enable players in the crowded cybersecurity market to differentiate themselves from competitors and deliver added value for their customers.

Resource Library

How Cyber Insurance is Shaping the Cyber Protection Priority List

To truly achieve effective cyber resilience, organizations must be ready to integrate cyber resilience, third-party risk management, and robust cyber insurance coverage.

Forbes and Gartner have both rated risk management as a top priority for business leaders. To truly achieve effective cyber resilience, organizations must be ready to adapt and adopt a comprehensive strategy that integrates cyber resilience, third-party risk management, and robust cyber insurance coverage.

This conversation between Chaz Chalkey, VP at Dataprise, a prestigious Managed Security Service Provider (MSSP), Jason Stein, VP at Telarus, a technology distributer, and our own Andres Franzetti, President of Risk Cooeperative, a growing insurance broker with deep cyber insurance expertise.

The Terms of Engagement

Chaz Chalkey (CC) | Cyber protection and insurance may be new to some, so we’ll start by defining three concepts we’ll cover extensively.

1 | Proactive Cybersecurity – A proactive stance in procuring cybersecurity solutions.

CC | While some people claim they have antivirus and a firewall to cover cybersecurity, we say that’s wildly insufficient. What is needed is the oversight to monitor, manage, maintain tools to bring greater insight to potential risks or incidents that may pop up across your technology landscape.

Jason Stein (JS) | Cyber experts like to say, it’s not IF you may be compromised, but WHEN. With 3.8 million cyberattacks per day, we see an organization fall victim to a breach every 14 seconds in the U.S costing and average of $9 million per breach. Because recovery is so difficult, organizations need lots of layers of security. Right now,88% of all breaches are caused by humans so we need to make sure we’re putting safeguards, like training, in place when it comes to protecting humans from themselves.

2 | Risk – The chance of loss and the financial impacts of that loss.

JS | Organizations need to ask, what financial impacts do identified risks pose, what is the dollar value of those, and then what is the roadmap to successfully protect the organization from internals risks, external risks, and natural risks.

3 | Cyber Insurance – An insurance policy procured to alleviate cyber risk when an organization is not prepared to absorb the financial hit of a cyber attack.

Andres Franzetti (AF) | Cyber risk is so interconnected that it impacts all areas of business, organizations really do need to have an extensive review of risks and assigned costs. But cyber insurance is not complicated by the many types of cyber insurance available. Standalone cyber insurance is what we recommend because of the variety of robust coverages like business interruption, third party risk, reputational risk, privacy and compliance related incidences, and breach remediation. A variety of bundled policies is also available.

The decision on the right insurance solution for your organization requires a hard look at the types of risk you’re willing to absorb and the types of policies that you’re considering implementing to ensure that you have the right coverage for your organization to the resiliency to withstand a cyber event.

CC | Can you highlight the differences between a standard business insurance and a focused cyber insurance plan?

AF | Business insurance encompasses a variety of different insurance policies like physical injury and general liability, plus mandated coverages such as workers comp. While cyber insurance is a discretionary policy, it is sometimes required for work contracts and we’re seeing greater privacy regulations and laws coming into place, which will eventually make it one of the mandated coverages.

Organizations need to understand the implications of cyber policy nuances on their organization, not just the technical specifications. Jason mentioned the cost of a breach is reaching the +$9 million level, and these nuances are some of the costs that are built into that cost, not just remediation, investigation and forensics. Consider the cost of payroll delays, inability to conduct transactions via the website, lost accounts from reputation risk, or vendor risk disrupting business.

Cybersecurity Impacts Insurance Access

AF | The requirements keep increasing from basics like password protection and a response plan, to now being more about integration of technologies and emphasis on training, dual factor authentication, redundancies and backups – impacts not only pricing but also access to cyber insurance.

Companies are being turned away if they don’t meet the minimum security requirements, and that’s a trend we’re going to see continue to increase. There is a tightening of access to cyber insurance, where only the firms that can demonstrate robust cybersecurity practices will be insurable.

JS | Exactly. The cyber insurance landscape is changing dramatically. You used to see everyone get a policy, and if you could prove a breach you got the payout. But in 2021 we saw over 2100 breaches, meaning more than $2.1 million dollars from carriers, so they had to put more requirements in place and raise premiums. Some organizations and industries now require cyber insurance while the requirements are getting more complex. Our expertise helps support access those requirements more easily.

Enhanced Cyber Insurance Offerings

CC | We would be remiss if we didn’t mention a new program Risk Cooperative and Dataprise created called ConvergeConnect^TM, where a cyber insurance carrier Converge has validated Dataprise as cybersecurity provider, allowing premier customers eligibility for savings up to 30% on their cyber insurance premiums. Actually, we’ve taken advantage of the the ConvergeConnect^TM program for ourselves at Dataprise and are saving tens of thousands per year. It has really helped us to invest in other aspects of our business.

AF | From the insurance perspective, we are helping to close the customer proximity gap. The insurance application process can be quite complex, with a lot of questions requiring technical data. Clients need help from their technology providers to complete the questionnaires, and ConvergeConnect^TM helps to streamline that and validate that the protocols are in place, giving the customer access to insurability and premier pricing. With Risk Cooperative serving as broker, clients have the support they need to understand their risks and the various policy coverages to get the protection they need.

Cybersecurity Trends

JS | Cyber insurance is a $13 million industry with around 35 million firms – more than a third of U.S. companies – mandated to obtain a cyber policy. While policies used to be $1 million for a $100 thousand premium, now you’re seeing 2-3x the cost for the same coverage, depending on your cybersecurity protocols. Investing in cybersecurity helps keep those premiums down. But, the policies are also different, with segmented coverage and payout caps. Bringing in your MSSP and your broker to assess risk, assign a value to that risk, and explain your policy options will help ensure you have the best plan in place.

One statistic that stands out is 60% of organizations will use security risk as a factor when determining business relationships. This is huge, because understanding risk is not only valuable for you internal operations, but it’s also a determining factor when engaging in other business activities.

AF | On the other hand, proposed legislation such as the American Privacy Rights Act are creating new GPDR-like protections. These are expected to result in more costly claims, more fines, and more regulation tightening the insurance underwriting process.

We’re seeing a preference for a zero-trust model among underwriters, a model that requires classified access to data and breach response tools. I also want to highlight the risk management component of 3^rd party risk from vendors, with compromised software supply chains resulting in $23m in losses in 2023 and predicted to triple by 2025. It’s critical that you have standards in place for the 3^rd party vendor management because those are the exposures insurers are looking at and will remove that coverage if proper mitigation components are not in place. Likewise, ransomware is becoming a line of coverage with reduced limits as a leading cause of cyber incidents.

Organizations are opting to outsource cybersecurity because the talent pool is extremely limited and specialization is needed to manage this highly integrated cyber threat. Still, underwriters are struggling to get the technical details for cyber insurance from the consumer, making programs like ConvergeConnect^TM a valuable program for clients seeking to build their cyber resiliency.

JS | Not to mention the influence of AI, which is today where cloud computing used to be – more than half of companies want to put some kind of AI in place, but there is just not a ton of security around it.

AF | From the insurance and underwriting side, it’s too early to tell how AI risk will be addressed by cyber insurance but you’re going to see requirements for AI continue to evolve.

JS | Our client needs are aligned with what Andres is saying: greater privacy regulations risk and outsourcing of cybersecurity.

Conclusion

CC | A conversation we have often with partners and customers is how layers of security are often part of a broader business resiliency strategy, driven by the need for business continuity and disaster recovery.

AF | You’re absolutely right. It ties into the proactive risk mitigation we talked about at the beginning – containing losses, reducing downtime and limiting how much is paid out by the insurers – because, ultimately, if you can help contain that loss you have a better chance of managing premiums and maintaining coverage.

Certain risks could be limited or excluded by some policies, so understanding the details is critical to deciding if it’s the best available, while also keeping tabs on the pricing element. Sometimes the cheapest policy won’t have all the coverages, leaving you to shoulder those costs in the end. Your broker should be a trusted partner and walk you through the details to ensure that your policy has the most robust coverage available to you.

Dataprise, Converge and Risk Cooperative Announce Strategic Partnership to Enhance Cyber Insurance Offerings for Organizations with Managed Cybersecurity

Dataprise's Managed Cybersecurity Premier clients are now eligible for ConvergeConnect – an enhanced, bespoke partnered cyber insurance offering with streamlined underwriting and favorable pricing.

PRWeb / ROCKVILLE, Md. – Dataprise, a distinguished Managed Service Provider and Managed Security Service Provider (MSSP), today announced a strategic partnership with Converge Insurance and Risk Cooperative to provide enhanced cybersecurity and cybersecurity insurance solutions to businesses nationwide. This partnership enables organizations with Dataprise’s Managed Cybersecurity Premier to gain a robust cyber insurance program with streamlined underwriting, enhanced pricing, and comprehensive coverage to support true cyber resilience and protect against the ever-evolving cyber threat landscape.

“With cyber threats on the rise, organizations face unprecedented challenges in safeguarding their digital assets. The inclusion of Dataprise in ConvergeConnect not only provides clients with access to an industry-leading cyber insurance program plus security services, but also ensures they have the necessary safeguards in place to mitigate risks effectively,” said Mary Beth Hamilton, Chief Marketing Officer, Dataprise.

ConvergeConnect, a partnered insurance program, is backed by Converge Insurance, pioneers in advanced cyber risk management and underwriting, and brokered by Risk Cooperative, a leading minority-owned insurance brokerage. ConvergeConnect offers primary cyber coverage through prequalified technology provider partnerships for companies with up to $750 million in revenue, and provides best-in-class customer solutions leveraging unmatched insights on cybersecurity posture. Dataprise’s Managed Cybersecurity Premier platform underwent and successfully passed a series of rigorous tests and validations to become an approved partner in ConvergeConnect.

“With cyber attacks increasing in frequency every day, cyber risk is quickly becoming a primary focus for businesses concerned with this fast-evolving threat,” said Converge CEO, Thomas Kang. “Our collaboration with Dataprise builds upon our common commitment to using technology to fight technology by deploying our proprietary data ecosystem to address these growing threats and provide clients with comprehensive insurance solutions.”

The key elements of ConvergeConnect include a streamlined application and underwriting process for current subscribers of Dataprise’s Managed Cybersecurity Premier service, providing core security services and data to establish their eligibility for top-tier coverage and pricing. While tailored for each organization, clients that leverage the Dataprise Managed Cybersecurity Premier can obtain up to a 30% credit on premiums. Quotes and coverage binding are turned around in as little as 72 hours.

Despite the looming threat of cyberattacks, the vast majority of SMBs lack adequate cyber protection due to cost, inaccessibility, and limited IT resources. Many SMBs are either underinsured or uninsured, leaving them exposed. “The mid-market firms that make up so much of our economic development are the most vulnerable to cyber threats. Many deem the cyber insurance underwriting process too onerous and prices too high to obtain coverage,” says Risk Cooperative CEO, Andres Franzetti. “This partnership and the ConvergeConnect program aim to help close the gap between MSP providers and cyber insurers, offering clients direct rewards to enacting proper cybersecurity defenses, putting a fixed price on recovery resources.”

“The cyber insurance industry has done more over the last few years to incentivize good cyber hygiene than anything else, as they get increasingly granular in their evaluation of security standards. We are very excited to be partnering with Risk Cooperative and Converge to help our customers build cyber resiliency against the threats of tomorrow,” adds Mary Beth Hamilton.

About Dataprise

Founded in 1995, Dataprise believes that technology should enable our clients to be the absolute best at what they do. This commitment to client success is why Dataprise is recognized as the premier strategic managed service and security partner to strategic CIOs and IT leaders across the United States. Dataprise delivers best-in-class managed cybersecurity, disaster recovery as a service (DRaaS), managed infrastructure, cloud, and managed end-user services that transform business, enhance user experiences, and eliminate risks.

Dataprise has offices across the United States, employs 500+ of the industry’s best and brightest, and supports more than 2,000 clients.

About Converge

Converge fuses cyber insurance, security and technology to provide businesses with clear, confident cyber protection. Deploying a proprietary data ecosystem underpinned by expert underwriting, it provides risk solutions that deliver high-value strategies with improved outcomes. Converge’s philosophy is that insurance needs the right elements and personalized approach to mitigate risk. By partnering with its policyholders, Converge precisely formulates their business needs so they can confidently become cyber secure. Converge is headquartered in New York and operates across the U.S.

About Risk Cooperative

A division of independent insurance brokerage Ensurise, LLC, Risk Cooperative is a minority-owned insurance brokerage and risk advisory firm. Licensed in all 50 states and D.C., Risk Cooperative helps organizations address risk, readiness and resilience across all classes of risk – including comprehensive employee benefits, life and health, property and casualty, cyber and other specialty lines. Appointed with all major carriers, we place domestic and international insurance solutions to help meet clients’ needs.

media@riskcooperative.com | 202-688-3560

A Cyber Resilience Advisory & Risk Transfer

Acting on the Presidential Proclamation made by then President Barack Obama, this U.S. state government wanted to figure out a way it could build up its state’s cybersecurity resiliency.

Cyber 101: Coverage Overview

Cyber risk continues to grow everyday. As organizations explore how to best combat this risk, cyber insurance is another resource that can help build resilience. There are many cyber insurance products on the market today, yet not all provide equal levels of protection.

Cyber Exclusions

Not all cyber insurance products are created equal. Coverage differences and exclusionary language amongst cyber policies has led to claims being denied, which often results in court rooms determining outcomes or large, unexpected losses that drive companies out of business.

Cyber 101: Minimum Cybersecurity Checklist

In the evolving cyber insurance market, carriers assess client risk when they review applications for cyber coverage. This checklist summarizes six areas for cybersecurity and the minimum standards that underwriters expect. While criteria for optimum rates and coverage is continually being updated, meeting these standards is a first step toward insurability.

Cyber 101: Sample Technical Specifications

In the increasingly challenging cyber insurance market, clients must be prepared to provide detailed descriptions of their cybersecurity programs. The below sections provide key underwriting questions and considerations required to obtain a cyber quote.

360° Cyber Risk Survey | 2022

This latest 360° Cyber Risk Survey report provides the most current benchmarked data, informed analysis, and actionable best practices to help middle-market organizations, senior leaders, and boards of directors obtain a better understanding of the operational and financial impacts of cyber risks and a roadmap toward better operational resiliency. Read online, or download.

Read online, or download.

Cyber 360° Webinar Series

Did you know the average cost of a cyber attack exceeds $1M?

Given the highly systemic nature of cyber and increasingly interconnected world we are living in, organizations can no longer afford to focus on merely being cyber compliant. They must now evaluate all facets of their business to ensure operational and cyber resiliency.

Session 1: Exposing & Mitigating Cyber Vulnerabilities

Cyber risk assessments form the foundation of an organization’s risk mitigation strategy by not only developing organizational cybersecurity awareness, but also by identifying an organization’s unique vulnerabilities. The presenter will provide a brief overview of sources of risk (third parties, IoT, hacking, phishing) and sobering data regarding the average impact of a cyber attack.

Companies must leverage every resource available to establish a layered and proactive defense. The biggest cyber threat to an organization often lies between the chair and the keyboard, hence the human element is an important part of the cyber equation. Educating staff via cyber hygiene training can turn employees from “cyber liabilities” to “vigilant proactive deterrents” against cyber-attacks. Coupled with technology solutions, an organization that employs a holistic enterprise-wide cybersecurity framework is best positioned to withstand the evolving range of cyber threats.

Session 2: Your Strategy for Cyber Recovery

Building a resilient organization that can withstand a cyber intrusion goes beyond compliance and notification requirements. Cyber criminals can bring an organization’s operations to a halt with a single ransomware virus, leaving it without the financial means to meet payroll, deliver client services, or even pay for the necessary breach response services to revert its systems back online. Understanding the financial impact an organization can withstand is crucial to building cyber resilience. Equally as important is understanding the value of its data or potential reputational /revenue implications that often accompany a cyber incident. Companies need a robust cyber mitigation and response strategy to effectively manage a range of cyber crisis scenarios and maintain operational continuity. This session will review insurance coverages, crisis management strategies, and the importance of board/leadership oversight.

InfraGard

Quick Facts | Brochure

Risk Matters 115 | Cyber Myths

In this episode of Risk Matters, we are going to do a “deeper dive” on some of the thought leadership and concepts we’ve developed at Risk Cooperative. Today, we discuss dangerous misunderstandings about cybersecurity, which Risk Cooperative has also written about in 5 Cyber Insurance Myths. YOU MIGHT ALSO BE INTERESTED IN: Cyber Insurance Cyber […]

In this episode of Risk Matters, we are going to do a “deeper dive” on some of the thought leadership and concepts we’ve developed at Risk Cooperative.

Today, we discuss dangerous misunderstandings about cybersecurity, which Risk Cooperative has also written about in 5 Cyber Insurance Myths.