Independent Property and Casualty Insurance Agencies
The Cyber Risk Management Leadership Award is given to select independent agents that demonstrate expertise in cyber risk management, have addressed their own firm’s cyber risks, and have shown proficiency in delivering cutting-edge cyber risk insurance products to their clients. In other words, the recipients have taken appropriate steps to earn the trust of their clients and partners with respect to privacy and security risk management.
While fully acknowledging that any company’s security and privacy can be breached, recipients have worked to ensure that their agencies demonstrate leadership in implementing best practices.
There are two distinct risk management leadership areas considered when selecting recipients: (1) The internal risk management practices of the agent’s agency, and (2) the agent’s implementation of risk management programs on behalf of customers.
The award winner has confirmed that the agency is committed to cyber risk management and has designated an individual for overall responsibility. Key elements of the cyber risk management plan may include:
- Pursues best practices in security and privacy loss control, which include, but are not limited to:
  - Has undergone a proven process to determine what significant cyber risks it is exposed to.
  - Has undergone a third-party security audit and developed an implementation plan to address identified weaknesses.
  - Key employees have participated in cyber risk management education programs.
  - Provides an accurate privacy statement on the agency web site.
- Has arranged state-of-the-art insurance protection for the agency.
  - Shopped marketplace for state-of-the-art protection tailored to its specific criteria.
  - Placed cyber coverage on its own risk.
- Has implemented an IT vendor management program.
- Has a post-breach response plan.
The agent demonstrates leadership by making it a priority to provide superior cyber risk management services for clients. Key elements of the cyber risk management services may include the following:
- Advises the client at least annually on significant emerging cyber risk management issues and loss prevention solutions.
- Has a proven process for successfully identifying the client’s specific cyber risks, and for explaining the possible options for protecting against those risks.
- Advises client on IT vendor exposures and risk management solutions.
- Extends his/her cyber risk management training to include the unique hazards of specific industries, important emerging risks, and best practices in cyber insurance.
- Arranges state-of-the-art insurance protection for the client, which includes, but is not limited to, the following:
  - Shopped marketplace for state-of-the-art protection tailored to the client’s needs.
  - Educated the client in the various insurance options available in the marketplace.
  - Assisted the client in choosing the best coverage for their specific risks.