Aon  |  Professional Services Practice
Cyber Risk

In evaluating Cyber Risk insurance, it is important to understand the risks and exposures an insurance policy may or may not address. While there are numerous standard products available in the marketplace, coordinating Cyber Risk and Professional Liability coverage is a critical challenge for professional service firms (such as law firms, accounting firms, consulting firms and design & construction firms).



Featured Content

Navigating Cybersecurity Risk in the New SEC Regime

February 2024 - In recent years, companies have experienced a continued escalation in the risk and impact of cyber events. As a result, the Securities and Exchange Commission (SEC) has recognized in its recent rulemaking the importance of company transparency with investors and regulators around cybersecurity risk management and the impact of cyber events.

Read more

Insight Archive Subscribe to our insights >>

We believe that one size does not fit all. Since the terms and conditions of each Cyber Risk insurance product vary greatly, we examine and modify each offering to present a recommended solution that is tailored to our clients' unique needs.

Many professional service firms consider expenses related to a privacy or security data breach, such as statutory notification costs, to be of paramount concern.

  • More and more client contracts are specifically requiring insurance coverage for these types of costs be evidenced
  • Data breach disclosure laws have been enacted or introduced in a majority of states, as well as in the European Union, and continue to evolve

Cyber Risk insurance policies provide direct access to data breach consultants and panels of experts to assist firms that suffer data breach events. The insurance also addresses expenses for forensic investigation and public relations, as well as notification costs, credit monitoring, and consumer education and assistance costs arising out of a data breach. Some policies also cover the cost of retaining outside counsel to evaluate the firm's potential obligations for a breach.

Cyber Risk insurance can be designed to cover certain additional exposures:

  • Privacy and Security Liability
  • Business Interruption and Extra Expenses
  • Contingent Business Interruption
  • Cyber Extortion
  • Data Corruption
  • Media Liability

Strategic Approach


Our process for discussing Cyber Risk insurance is educational and consultative:

Phase 1

  • A "gap analysis" is performed - to determine where any possible coverage exists under existing insurance policies
  • Results are presented in a clear and concise format, with open dialogue
  • Based on the findings, we provide specific recommendations on how to address identified coverage gaps

Phase 2

  • We provide an application for Cyber Risk insurance and assist with any questions
  • We negotiate coverage options specific to our clients' individual needs
  • A detailed comparison of the terms and conditions of each offering is presented
  • We place a Cyber Risk insurance solution as directed by the client