Photo Credit: © turbomotion046 - stock.adobe.com
The following article was written and contributed by Louis D’Agostino of Iron Cove Partners, a full-service insurance brokerage firm.
If you missed last Thursday’s
For investment advisory firms purchasing insurance to protect against a cyber incident, it is important to note that not all policies are created equal. Many such policies were written to address cyber risk for general commercial businesses, and not necessarily with financial services firms or their unique risk profile, in mind.
The business profile of a registered investment adviser is different than that of your standard small business, as managing high net worth or institutional assets introduce a unique set of risks, especially as it relates to cyber and data security.
RIAs amass confidential, personally identifiable information, as well as non-public private information, from their clients. Additionally, access to computer systems and telephony is a critical part of business infrastructure. Denied access to networks or telephone systems would cause a major disruption to any small, service-based business, let alone an RIA.
Other concerns specific to RIA cyber risk, include fines and penalties, loss of fee-based revenue, regulatory defense costs, and, perhaps most importantly, the loss of customer capital as a result of a social engineering scam. This means that reviewing insuring agreements and policy provisions is more important than ever.
3rd Party Liability Coverage provides protection for an adviser for liability resulting from a data/privacy security incident. The most important types of 3rd Party Liability Coverage are Privacy, Network Security & Media Liability.
Additionally, while most policies’ coverage includes regulatory defense expenses, fines and penalties are only covered under select policies. Broader policies will include coverage for regulatory fines and penalties; however, the insurability of fines and penalties by regulators is contingent on state domicile and whether coverage is allowed by state law. In any case, such coverage is an important component of any comprehensive cyber insurance strategy.
1st Party Coverage is made up of the elements of protection which would provide an insured adviser with coverage for direct costs resulting from a cyber incident.
While some 1st and 3rd party insuring agreements are automatically included as part of “cyber package” policies, some offerings may not fully relate to the needs of an RIA and, as such, should be removed. For example, why would an RIA need coverage for PCI Fines and Penalties when they don’t accept credit cards? And, why have coverage for Business Income Loss if an RIA couldn’t possibly prove a loss of business income (e.g. advisory fees on managed assets) due to a cyber breach? Moreover, many policies specifically state that business income shall not include “fees,” which, in most cases, would preclude an adviser from collecting on any loss of income.
For more information, contact Louis D’Agostino of Iron Cove Partners at (516) 267-6179 or louisd@ironcoveins.com. Additionally, visit http://www.ironcoveins.com/.
Louis D’Agostino, President & Financial Services Practice Leader of Iron Cove Partners, LLC
Louis D’Agostino is a dynamic senior insurance professional with nearly 17 years of experience in the financial services industry. He is presently serving as the President and Financial Services Practice Leader of Iron Cove Partners, LLC. He is dedicated to business and product development and large account placement, resulting in a proven track record of successful negotiation of even the most challenging of claims such as Madoff, investor litigation, and SEC/DOJ enforcement. As part of his work at Iron Cove Partners, Mr. D’Agostino’s expertise has been called upon by a variety of industry trade groups. Prior to accepting his role with Iron Cove Partners, LLC, Mr. D’Agostino spent 10 years working for Frank Crystal & Co., a NYC-based insurance agency founded in 1933. His final role with the organization was as a Director in the Financial Services Department where he was able to perfect his negotiation skills. He successfully placed Management and Professional Liability Insurance on behalf of numerous financial institutions including hedge and private equity funds, registered investment advisors, securities dealers, and consultants. With a diverse battery of skills and experience, Mr. D’Agostino has managed accounts for commercial businesses including real estate, not-for-profits, manufacturing, retail, and tech firms.