US Pro Insurance Services
No Risk

Insurance Agency Risks

US PRO INSURANCE SERVICES is a wholesale brokerage firm that specializes in the placement of D&O, EPL, Fiduciary, Crime, Professional and Medical Professional Liability, E&O, Public Entity, Environmental, Media, Technology, and Cyber Liability lines of business. US PRO is fast becoming one of America’s most knowledgeable sources for Cyber Liability markets, news, and information. We are committed to becoming America’s Cyber Liability Source.

Today we launch our first edition of our new monthly “infomail” dedicated to the new and evolving Cyber Liability line of business. With the information we will be providing, we are prayerful that you will become as informed as we have become and that you may be able to better explain the exposure that I believe is America’s fastest growing area of claims for any commercial insured. In our opening edition, we thought it would be best to explain the exposures for your own workplace and business, as well as the important peripheral exposure which exists for you. Understanding what impacts your own situation will better serve you when explaining how these exposures can impact other’s situations.

Cyber Insurance covers third party legal liability as a result of either Network & Security Privacy Breach or a Media Liability Occurrence. Additionally, it can be packaged to include first party costs arising from those third party exposures. Ironically, the first party costs coverage is more likely to be used in the event of a loss than the third part legal liability costs may be, especially with notification expenses, crisis management expenses, business interruption expenses, and regulatory fines. Almost every commercial insured will tell you it is not necessary. Insurance agencies themselves consider their exposure to be little to none.

Today, we debunk this myth as CLUE uncovers for you the exposures you have and the reasons why you need to get this coverage in place for yourself. Once you understand this, you will see the need for this insurance for every commercial insured you have.


PII and PHI (personal identifiable information and personal health information) is collected by insurance agencies, especially those doing benefits placements, on their customers. This information may be stored on a database system or spreadsheet, or it may be retained as an image document attached to an email system. Hackers look for this information during the course of a network breach as they specifically target the financial services, hospitality, real estate, and education industries knowing this information is stored. Sensitive client information is also retained in paper format and improper disposal may lead to compromise of customer PII or PHI, resulting in identity thefts.

Privacy Liability and the Employee is the exposure that almost no one seems to foresee. While it is true that many commercial business do not retain PII or PHI data on their customers, almost all business with employees do maintain that information on their own employees. Privacy Liability coverage extends to the employee privacy liability exposures any potential entity faces, and preservation of that information is as important as it is for outside clients. Failure to protect that electronic information is a leading source of claims resulting from identity theft compromises.

Business Interruption Expenses for an insurance agency which has been breached can be extensive. BI is broken into Loss of Income, Extra Expenses, and Forensic Expenses. Not every carrier provides this important coverage option either, so choosing the right program when purchasing is very important. An insurance agency relies on its ability to rate business online on a daily basis that generates daily revenue, and a stoppage or slowdown in that process would result in lost revenues.

Malicious Codes and the BOT Network. Hackers use a BOT Network to distribute malicious codes that disrupt, crash, destroy and compromise businesses every day. Any person connected to the internet for any reason is at exposure of being hacked and then infected to become a BOT unit. Once infected, this unit is unsuspectingly used to infect other units, either internally or externally, and used as a means of portal to other corporate networks. Unfortunately, these may not be detected until an identity theft or compromised system occurs. By this time, massive identity theft may have occurred.

Notification laws are enacted in 46 states, and some require notification even in the potential for an identity compromise. One may not have even occurred, and yet expenses can be associated. Notfication laws also vary state by state, which often requires legal counsel expenses to comply with laws to avoid possible fines.

Hidden Exposure to Agencies:

The hidden Cyber Liability Insurance exposure for an insurance agency, more than any other commercial profession, lies in the professional standard of care that exists between an agent and its client. A duty exists for the agent to advise a client of all of the insurance products available to cover their exposures. However, consistently being overlooked is the offering of a Cyber Insurance program by an agency to its customers. Yet, statistics continue to prove that it is the small business that has the greatest potential for claims against them. Not providing a quote to your client, who then has a claim for that coverage, will likely expose your own entity to negligence and potential claim. Are you quoting Cyber Liability for all of your commercial clients, knowing that almost every one of them have Employee Privacy exposures.

Check out some of these fun facts:

  • A recent study of data breaches of 43 companies puts the notification cost at $202 for each customer record compromised (including legal counsel expenses needed to navigate notification laws state by state, and federal HIPAA laws).
  • Employee negligence in securing laptops with unencrypted data and administrative personnel disposing of sensitive information into the trash are top sources of claims, and 88% percent of all breach incidents is due to insider (employee) negligence.
  • In 2009, more than 222 million records were compromised in 469 reported events.

Recently released research reveals a high incidence of breach events affecting small and mid-size businesses:

  • 44% of victims in 2011 were business with assets under $35M, which lost 3.6 Million customer records.
  • Verizon’s 2011 data breach report of 759 events shows 63% of last year’s events involved businesses with less than 100 employees.
  • Small business online security fraud totaled $8 billion in 2010.

In the end, those agencies who have vision to embrace the Cyber Insurance line of business in its infancy will have positioned themselves to be industry experts over the next three years as the line of business explodes due to the fact that Identity theft is America’s fastest growing crime according to statistics available at

As one of the forefathers and founders of Employment Practices Liability Insurance as an underwriting executive in the very early 1990’s, I have positioned US Pro Insurance to be the same pioneer in the Cyber Liability field as a broker. I encourage you to send us your Cyber Liability business and use our knowledge of ten different carrier’s programs to get the best quote for your commercial insured today.

To send in your Cyber Insurance opportunity, or any other Specialty lines piece of business, please either reply to this email or write us at today!

A Cyber Liability application is available for download from our applications page.