frederick
Well-Known Member
- Reaction score
- 154
- Location
- Phoenix, AZ
Our focus on businesses has had us really re-look at our insurance coverages because we don't want something to wrong and be left hanging with a massive law suit or bill. So we have reached out to various insurance brokers and agencies to find who can and can not cover us. Please note that I'm not posting premiums or deductibles, only what is and is not covered.
We are a Managed Service Provider first and foremost, but we are still handling residential for the time being (just a lot less than we were last year). Our verticals are Healthcare, Law/Legal, Financial (CPA/Accounts), and other Professional Services. When we reached out to various insurance companies, even our own, we ran in to a lot of exclusions as to what we would be covered for.
Allstate - By far the best option for us
Managing clients is covered, regardless of our exposure. Which is great, because if we are handling a healthcare client, and due to our negligence there is a breach, we are still covered. This was one thing we found to be hard to find. A lot of insurance companies excluded us right from the first question: "Do you develop or support software and/or hardware that is on the exclusion list?" And 9 out of 10 times, healthcare systems and software was on there. The biggest thing with Allstate regarding this though is you have to do criminal background checks on your employees, not a big deal for us, we already do. As well are regular drug testing that is randomly scheduled and the employee is told last second to go get tested. So far, no one has ****** hot for a drug they aren't prescribed for (we hire vets, which means they most likely take a flagged drug).
Cyber security was another big one we needed. Again, the exclusions list is what killed us every time, but not with Allstate. If we are hosting a file server, CRM, etc., as long as we take all the necessary precautions for network security, we are covered. Firewalls, regular auditing on logs and the compliance checklists, etc., we are good. The other thing is that if you have an RMM (GFI, N-able, etc.), and you can remotely access/control a clients computer, if a password to get in to said RMM is compromised, and a client is breached that way, we are covered. AWESOME!!!! Its one of those little things you might not know or even be covered for. We are covered for all our verticals, and any way our systems, to include RMM and hosted, could be breached. This includes the clients location, if we goofed up on their security that led to a breach, we are still covered.
Electronic Data Liability was another big one for us, especially with BDR (through things such as Datto), or if we are doing a hard drive recovery, etc., and these things fail or are breached/lost/stolen, etc. We are covered in the same manner as above. Even if the client tries to come after us because only 99% was recoverable and that 1% was vital information, we are covered.
For the most part, we are covered for anything and everything we do with Allstate through the General Coverages, using the additional coverages for specifics that might cost us more than what the General could cover. The only real caveat is that we don't make a gross of over $6 Million annually, because if we did we wouldn't be covered for the air we beathe. Too easy, got a long way before that.
Travelors - By far the worst option for us
From the first question, we are denied for most of the work we do. Which is a bad thing considering what we do. This option would leave us open for full payment of legal fines and penalties. The only way around this is we would have to do an annual gross of $3 million a year. Not gonna happen in the short term for sure. We could get a very general coverage for doing things like virus removals and helping granny to get her Microsoft Word working again.
Hiscox - Middle ground option
We would be covered for a lot of things, but at the same time not a lot of things. Anything with PII or PHI on them is not covered. So this would hurt us. But besides Allstate, they would cover us for things like data recovery and a general coverage of Electronic Data Liability (non-recovery services) as long as it is not PHI related software or hardware. We've been using Hiscox since the start, and it's been great, but we need more coverages for what we do.
State Farm - More middle ground
They offered us a only a generalized Electronic Data Liability, and some Property Damages, but the exclusion list was massive. Too massive in my opinion. The coverage is there, but only in "additional coverages" that have a lot of stipulations to what is and is not covered.
Farmers - What coverage?
After talking with an agent, they don't really cover our industry. They would give us things like Cyber Security, and a generalized business insurance, but when it came down to what we do, none of it is really covered. Great if I decided to smash a computer with a baseball bat, bad if I installed a switch improperly.
Nationwide - Not on our side
Like farmers, we'd only be eligible for a very limited generalized business coverage. No cyber security, no data liabilities, etc. It was disappointing to be honest.
We checked out others as well, but these were the ones that stood out to us for one simple reason: Regardless of what coverages they offered (or didn't), customer service was by far the best, and they didn't just say "we can cover you", a lot of times they would have to tell us "I'm not sure we can cover you" except Hiscox, cause they already provided us coverages. If they said they weren't sure, they followed up with "let me contact a specialist and get back with you". I normally heard back within a day or two, rather than others who took a week or more to contact us back. These companies that are listed, when they did contact us back, they already had options available for us to continue our exploration. They were not pushy, like others were. They did not simply say "we can't cover you" *click*, like a few did. No, these guys were honest, and asked as many questions as they could to see if there was anything they could cover us for.
The generalized coverage is not always the best option. Read the exclusions list to find out what isn't. I'm fine with Social Media and Porn Web Sites hosted, managed, or otherwise by us. But make sure that if you are installing a switch that that service and installation is covered by your insurance. I don't know about you, but I don't want to have to use our bond when insurance companies are a lower risk in paying back. Bonds want the money NOW! Insurance companies want the deductible paid which is usually a lot lower than the Bond.
That's my $0.02 pre-taxes.
We are a Managed Service Provider first and foremost, but we are still handling residential for the time being (just a lot less than we were last year). Our verticals are Healthcare, Law/Legal, Financial (CPA/Accounts), and other Professional Services. When we reached out to various insurance companies, even our own, we ran in to a lot of exclusions as to what we would be covered for.
Allstate - By far the best option for us
Managing clients is covered, regardless of our exposure. Which is great, because if we are handling a healthcare client, and due to our negligence there is a breach, we are still covered. This was one thing we found to be hard to find. A lot of insurance companies excluded us right from the first question: "Do you develop or support software and/or hardware that is on the exclusion list?" And 9 out of 10 times, healthcare systems and software was on there. The biggest thing with Allstate regarding this though is you have to do criminal background checks on your employees, not a big deal for us, we already do. As well are regular drug testing that is randomly scheduled and the employee is told last second to go get tested. So far, no one has ****** hot for a drug they aren't prescribed for (we hire vets, which means they most likely take a flagged drug).
Cyber security was another big one we needed. Again, the exclusions list is what killed us every time, but not with Allstate. If we are hosting a file server, CRM, etc., as long as we take all the necessary precautions for network security, we are covered. Firewalls, regular auditing on logs and the compliance checklists, etc., we are good. The other thing is that if you have an RMM (GFI, N-able, etc.), and you can remotely access/control a clients computer, if a password to get in to said RMM is compromised, and a client is breached that way, we are covered. AWESOME!!!! Its one of those little things you might not know or even be covered for. We are covered for all our verticals, and any way our systems, to include RMM and hosted, could be breached. This includes the clients location, if we goofed up on their security that led to a breach, we are still covered.
Electronic Data Liability was another big one for us, especially with BDR (through things such as Datto), or if we are doing a hard drive recovery, etc., and these things fail or are breached/lost/stolen, etc. We are covered in the same manner as above. Even if the client tries to come after us because only 99% was recoverable and that 1% was vital information, we are covered.
For the most part, we are covered for anything and everything we do with Allstate through the General Coverages, using the additional coverages for specifics that might cost us more than what the General could cover. The only real caveat is that we don't make a gross of over $6 Million annually, because if we did we wouldn't be covered for the air we beathe. Too easy, got a long way before that.
Travelors - By far the worst option for us
From the first question, we are denied for most of the work we do. Which is a bad thing considering what we do. This option would leave us open for full payment of legal fines and penalties. The only way around this is we would have to do an annual gross of $3 million a year. Not gonna happen in the short term for sure. We could get a very general coverage for doing things like virus removals and helping granny to get her Microsoft Word working again.
Hiscox - Middle ground option
We would be covered for a lot of things, but at the same time not a lot of things. Anything with PII or PHI on them is not covered. So this would hurt us. But besides Allstate, they would cover us for things like data recovery and a general coverage of Electronic Data Liability (non-recovery services) as long as it is not PHI related software or hardware. We've been using Hiscox since the start, and it's been great, but we need more coverages for what we do.
State Farm - More middle ground
They offered us a only a generalized Electronic Data Liability, and some Property Damages, but the exclusion list was massive. Too massive in my opinion. The coverage is there, but only in "additional coverages" that have a lot of stipulations to what is and is not covered.
Farmers - What coverage?
After talking with an agent, they don't really cover our industry. They would give us things like Cyber Security, and a generalized business insurance, but when it came down to what we do, none of it is really covered. Great if I decided to smash a computer with a baseball bat, bad if I installed a switch improperly.
Nationwide - Not on our side
Like farmers, we'd only be eligible for a very limited generalized business coverage. No cyber security, no data liabilities, etc. It was disappointing to be honest.
We checked out others as well, but these were the ones that stood out to us for one simple reason: Regardless of what coverages they offered (or didn't), customer service was by far the best, and they didn't just say "we can cover you", a lot of times they would have to tell us "I'm not sure we can cover you" except Hiscox, cause they already provided us coverages. If they said they weren't sure, they followed up with "let me contact a specialist and get back with you". I normally heard back within a day or two, rather than others who took a week or more to contact us back. These companies that are listed, when they did contact us back, they already had options available for us to continue our exploration. They were not pushy, like others were. They did not simply say "we can't cover you" *click*, like a few did. No, these guys were honest, and asked as many questions as they could to see if there was anything they could cover us for.
The generalized coverage is not always the best option. Read the exclusions list to find out what isn't. I'm fine with Social Media and Porn Web Sites hosted, managed, or otherwise by us. But make sure that if you are installing a switch that that service and installation is covered by your insurance. I don't know about you, but I don't want to have to use our bond when insurance companies are a lower risk in paying back. Bonds want the money NOW! Insurance companies want the deductible paid which is usually a lot lower than the Bond.
That's my $0.02 pre-taxes.
