20 May Cyber Liability Insurance – May 2025 Update
Cyber security is top of mind and critical to the viability of your organization. Advisors ask Golsan Scruggs about cyber liability and cyber theft more than most other RIA exposures. Managing this risk effectively requires two components: (1) Control and (2) Transfer/Insure. Admittedly, we are not information technology and security experts, and this subject is deep and wide. The element of “controlling” the risk is best suited for IT professionals, and many articles have been written addressing this area. Again, the risks must be rigorously identified and controlled, but insurance/transfer is also critical as not all exposure can be removed by way of control.
Cyber Liability Insurance, like all insurance, is reactive in that it is triggered upon an occurrence of breach or loss of private information. The two primary cyber events we see occur within RIAs, which can be reimbursed to and/or paid on behalf of the advisor, are (1) Crisis Services and (2) Cyber Legal Liability. Crisis Services is the immediate response to any type of data breach, whether it is a breach of email systems, cell phones or voice-over IP, cloud storage or even whole networks. The Crisis Services response includes forensics, notification, credit monitoring and legal guidance expenses. Prompt and proper steps after a breach occurs are critical, and most insurance companies connect insureds with a cyber-breach expert to ensure that the severity of the event does not grow due to missteps in handling the forthcoming correspondence.
Cyber Legal Liability coverage is critical should a negligence or breach-of-duty suit be brought against an advisor. If someone whose data was compromised due to the breach chooses to seek monetary damages, Legal Liability is there to fund attorney fees and other defense-related costs.
There are certainly additional exposures that can be covered by cyber insurance. Coverage terms and additional coverage parts vary by underwriter but often include items such as loss of your own digital assets, non-physical business interruption, regulatory claims, cyber extortion (ransomware) coverage, media liability, employee privacy liability and other ancillary lines.
In closing, we think it is important to note what types of claims and expenses are associated with this risk. The 2024 NetDiligence Professional Services Spotlight references 10,000 different insurance cyber claims brought against various Professional Services businesses. Here are some key findings of the report:
- The average total incident cost was $205k.
- The average cost for legal and regulatory defense was $24k.
- The average cost for crisis services (post breach) was $96k.
- Financial Services remains one of the top five industries filing cyber claims, with 207,000 claims in 2024.
- Ransomware was the most expensive cause of loss at an average of $432k per claim, and Funds Transfer Fraud/Social Engineering* was the second most expensive at an average of $167k per claim.
While the above data is from the most recent NetDiligence study specifically directed at professional services firms, we know that losses have increased in dollar severity and frequency over the past 18 months and are not showing signs of slowing down. As a natural result, the cost of cyber insurance is increasing significantly with many renewals showing 20% to 40% rate increases so far in 2025.
*A note on Funds Transfer Fraud/Social Engineering. This type of claim is not a true “cyber” claim in that it is dealing with a theft crime, but some insurance carriers include a coverage line for Social Engineering, Cyber Theft or Funds Transfer Fraud. This coverage line should always be examined, because many definitions of this coverage limit the types of claims to only business accounts and do not cover theft from client accounts. Always consult with your broker on the language in the contract before purchasing this type of coverage.
Golsan Scruggs is an insurance brokerage firm operating throughout the United States, specializing in investment advisor E&O (errors & omissions) insurance, also known as professional liability insurance, for RIAs (registered investment advisors). As one of the largest insurers of RIA firms in the U.S., we have a dedicated staff that understands the risks of the financial services industry and delivers superior results. We make the underwriting process painless.
At Golsan Scruggs, we believe it is incumbent upon us to earn the right to be appointed as your insurance and risk-management agent. Our RIASURE process exists to serve that purpose.
Our RIASURE Review will analyze your fiduciary exposures, provide rate details and comparisons, and provide a contract comparison. No application required.
To obtain your complimentary RIASURE Review, please provide the following information or contact us at (800) 273-5883.