“We hear a lot of clients say
they want cyber coverage,
but often they aren’t really
sure what that means.”
— Tim Marlin, Head of Cyber Underwriting,
Partnering with the right carrier
means more than getting the right
coverage. It means access to the
expertise and guidance to help
companies actually understand what
cyber risk means for them, and what
they can do to mitigate their exposure.
At The Hartford, a panel of
experts dubbed The Hartford First
RespondersSM is available to help
insureds assess their information
security practices, review contracts
with third parties, and get a better
understanding of the full breadth of
their cyber exposure.
“We negotiated below-market
rates with a number of risk service
providers and security vendors that
our customers can take advantage of to
remediate any pre-existing weaknesses
they have in their system security,”
“They are also there to help
companies react quickly in the event
of a breach or other cyber incident.
“In addition, we provide a cyber risk
services fund, which is rather unique in
the industry,” Marlin said.
In the event that a cyber incident
does occur, The Hartford provides
insureds with a fund, in addition to
incident related expenses and costs to
help remediate the issues that resulted
in the incident in the first place.
“The better off our customers are,
the better off we are,” Marlin said.
“The bottom line is, we’re here to help
you become a better risk before, during
To learn more about The Hartford’s cyber
coverage, visit www.thehartford.com/cyber.
FOR PRODUCERS ONLY. CyberChoice First Response
is offered on a SURPLUS LINES* basis. This material
is not to be used for solicitation purposes. The Hartford
has arranged for data risk management services for
our policyholders at a discount from some third-party
service providers. Such service providers are independent
contractors and not agents of The Hartford. The Hartford
does not warrant the performance of third-party service
providers even if paid for as part of the policy coverage, and
disclaims all liability with respect to use of or reliance on
such third-party service providers.
*Eligibility for surplus insurance coverage is subject to state
regulation and requires the use of a licensed surplus line
broker. Surplus lines insurance policies are generally not
protected by state guaranty funds. Policies should be examined carefully for suitability and to identify all exclusions,
limitations, and other terms and conditions. Surplus lines
coverage is underwritten by Pacific Ins. Co. Ltd (except
in CT and HI) and The Hartford Ins. Co. of Illinois in
CT and HI. The Hartford® is The Hartford Financial
Services Group, Inc. and its subsidiaries. Its headquarters
is in Hartford, CT. All rights reserved.
However, other industries have
been slower to understand their cyber
In life sciences, for example, the
drug discovery process and protection
of intellectual property has changed
“Generations ago, drug discovery
was done more or less in the lab and
documented in lab notebooks,” said
Mark Silvestri, Sr. Managing Director,
Products & Innovation, The Hartford
“Now, it’s often enabled
bioinformatics or computational
biology. Molecular models for drug
compounds can be built online and
scientists can simulate their effect on
biological systems on a computer,”
An early stage life sciences
company’s value is primarily its
intellectual property. That IP is
now stored on a computer system,
making it more susceptible to theft or
ransomware attacks. There’s a market
for that stolen IP too.
Manufacturing faces similar
“They are relying on information
in a number of ways that are critical to
their ability to make money and service
their clients,” Silvestri said.
“Just-in-time inventory supply
management, for example, is all done
on a computer. Any sort of cyber
outage could disrupt the delivery of
Supply chain or network
disruption could disrupt income
or delay production and delivery.
Manufacturers generally understand
these risks in the physical world.
Connecting them back to a cyber
incident as the underlying cause is
a step many just haven’t taken yet
— and where some fall short on
These are just two examples of
industries that may not necessarily
think they are in the crosshairs of
cyber risk, but they have just as much
exposure as any other sector.
COVERAGE AND SERVICES
In the move to a digital
environment, access to data at any
given moment is critical.
Third party liability, business
interruption and IP risks may be
covered under other policies, but
forgoing cyber coverage could leave
companies in a lurch if they cannot
quickly get to their data or begin the
remediation process after a breach.
for the first-party costs related to
notification and credit monitoring in
the event of a breach? If you have a
firm grasp of those, then you already
have a basic understanding of cyber
coverage,” Marlin said.
“It’s the cryptic term ‘cyber’ that
throws people off. It conjures up
images of bad guys in black hats, doing
nefarious things over the internet,
but the exposure is much older and
broader than that.”
Cyber risk connotes computer and
network-related exposures. But good
“cyber” coverage and advice addresses
a much broader range of information
“It has to do with the use and
exchange of information; how we
move it around; how we process it; and
how we store it,” Marlin said.
DIGITAL ERA DRIVES RISK
The dominance of digital media, a
richly connected society, distributed
processing, and the speed at which
information moves amplifies risk.
Compound that with controls
that lag behind both technology and
threats, a bit of regulatory uncertainty,
and you have a rather intimidating risk
landscape. It’s our job to help simplify
that for clients.
Core business functions are
carried out electronically. Paper-based
processes, where they still exist, are
surely on the way out.
The information housed in digital
processes, however, is much harder
to protect when buried in an internet
server or floating around in the cloud.
A locked filing cabinet was a simpler,
more easily-understood solution.
Some industries, like health care,
financial services and education, are
better-versed in the protection of
private information in the digital
era, simply because they bear greater
scrutiny from regulators.
Often, they’re also better resourced,
and more focused on the issue making
them more likely to buy cyber coverage.
Cyber risk is everywhere. Embedded in the hardware of every computer system, in the cloud, in the headlines of national newspapers, and
in the worries of risk managers across
It’s not a new risk, but its constantly
evolving nature makes it tough for
companies to stay up to speed on
exposures, and to know how best to
mitigate and transfer the risk.
“While the market for cyber
coverage is maturing rapidly, it’s still
less developed than other lines,”
said Tim Marlin, Head of Cyber
Underwriting, The Hartford.
“We hear a lot of clients say they
want cyber coverage, but often they
aren’t really sure what that means.”
“There’s no uniformity of cyber
products on the market,” said Marlin.
“That complicates conversations about
exposures and cyber coverage.”
Oftentimes insureds may not
understand the full extent of their
exposure, so they don’t know what kind
of coverage to ask for.
Without industry-wide standards,
it’s a real challenge for brokers to
advise clients on what good cyber
coverage should look like. Just because
a coverage is available in the market
doesn’t mean it’s a good fit for the
client. A lack of understanding makes
insureds more likely to buy improper
coverage, or buy nothing at all.
“As an industry, we need to do a
better job of talking with our clients
about cyber in a clear and concise way.
We have to remove the fear around the
risk,” Marlin said.
Cyber becomes less scary when it’s
broken down into the exposures and
coverages that insureds already are
“The coverage is much simpler
than many people realize. Do you
understand coverage for third-party
liability? Do you understand coverage