In 2017, the average cost of a data breach was $3.62 million, according to a Ponemon Institute survey of 419 companies across 11 countries. The survey also reports that one-quarter of companies expect to experience another data breach in the next 24 months.

The insurance industry continues to develop new cyber coverages to respond to this emerging exposure. But with this new market opportunity comes new errors & omissions exposures for your agency.

Unlike many lines of insurance, most cyber policies are manuscript rather than ISO form—which means terms and conditions vary from carrier to carrier. The average policy covers first- and third-party liability due to network security breaches that pose an exposure to the insured, encompassing such aspects as data breach, data destruction, virus contamination, extortion and liability related to privacy breaches.

Most policies, however, do not cover reputational harm, loss of future revenue, or named perils.

Because the amount of coverage available is normally several million dollars, the potential E&O exposure for mishandling such a policy is substantial. Take these simple steps to lower your agency’s risk of cyber-related E&O claims:

1) Know the product. Recognize that each cyber carrier’s policy could contain different language with respect to what’s covered and what’s not.

2) Know your client. Sufficiently understand what your client’s business practices involve, so that you know what type of cyber policy best addresses their exposure.

3) Document, document, document. Make all offers in writing and maintain a copy for your records. Document all rejections of coverage in writing, and share a copy with the insured. Document all relevant transactions and conversations with the insured.

4) Confirm coverage is correct. Once a carrier issues a cyber policy, read it carefully to make sure it contains the specific coverage the client requested.

5) Avoid sharing coverage opinions. Refrain from making representations to the client as to what the cyber policy covers or does not cover. Instead, direct all such questions to the carrier to shield your agency from claims that you made promises the carrier is not inclined to keep. A number of courts across the country have held agents to a higher standard of care if they represented to an insured that they were an expert in the field. In some instances, an insurance professional has a higher duty of care if they take money for providing insurance advice.

6) Remember the ultimate decision rests with your client. Making a final decision about what cyber coverages are appropriate requires technical knowledge and a level of familiarity with the client’s business most agents don’t have—at least not in combination. In general, it’s a best practice to advise clients that you cannot evaluate their needs with respect to cyber coverage. Instead, help them recognize the risk, let them know the coverage is available if they wish to purchase it, and assist them in getting answers from the carrier that will help them make the right decision for their business.

Brian Butcher is a vice president, claims expert with Swiss Re Corporate Solutions and teleworks out of the office in Overland Park, Kansas. Insurance products underwritten by Westport Insurance Corporation, Overland Park, Kansas, a member of Swiss Re Corporate Solutions.