Contract Management

 View Only
  • 1.  Cyber liability insurance in contracts

    Posted 09-23-2021 03:31 PM
    It's been coming up in different meetings that some companies are asking their third-parties if they have a cyber liability policy in place and what their minimum liability coverage is. It has been decided that we will ask this question within our vendor security questionnaire going forward. 

    I am curious if there is anyone that puts this policy or any type of cyber liability coverage language as part of their contract with their high-risk and/or critical vendors. With the rise in cyber attacks, I'm guessing more companies will put this type of policy in place.


  • 2.  RE: Cyber liability insurance in contracts

    This message was posted by a user wishing to remain anonymous
    Posted 09-24-2021 08:08 AM
    This message was posted by a user wishing to remain anonymous

    We have been asking such questions on a regular basis and demand the certificate of Cyber Liability Insurance of our third party vendors during third party due diligence process - not in the contract though. However, still the question is whether these insurance policy protects your company from any unexpected since your third party vendor is insured under that policy not your company. So, should we demand a separate certificate which would state specifically that your company is also protected along with your third party vendors under their policy? I would like to hear from our community?      

    I agree, cyber liability coverage language must be an important clause to include in the contract at least for high-risk and/or critical vendors as David mentioned. 


  • 3.  RE: Cyber liability insurance in contracts

    This message was posted by a user wishing to remain anonymous
    Posted 09-27-2021 06:17 PM
    This message was posted by a user wishing to remain anonymous

    ​A vendor's cybersecurity insurance policy does not protect you directly, but indirectly it may alleviate the chance of vendor going bankrupt, ensure the vendor does have minimum cybersecurity controls in place (or the premiums would be exorbitant or vendor uninsurable if they don't have minimum controls in place), ensures the access to forensic experts to determine if your data has been exposed (insurance carriers will insist on a forensic investigation to determine who is at fault and the magnitude of loss since they are on the hook for paying the losses up to policy limits).  The cybersecurity insurance marketplace is very tight in the coming year due to the many recent cyber incidents.  Our insurance agent is telling us that cyber premiums will go up at least 20-40% from last year and insurance carriers are being very selective (i.e., they will only insure you if you have strong cyber controls) or reduce your current coverage but charge you the same or increased premiums to reduce their exposure.  Just be prepared that unless your vendor is a financial institution or healthcare provider, many smaller vendors/manufacturers may be priced out of the market or deemed uninsurable in the coming year(s).​​


  • 4.  RE: Cyber liability insurance in contracts

    Posted 09-24-2021 10:44 AM

    David,

     

    I'd be interested in learning more about the questions included in your vendor security questionnaire or receiving a sample of your file. We are in the beginning stages of rebuilding our third party management program and this is an area we want included. Thank you.

     

    Best regards,

     

    Heather DeValcourt

    Administrative Project Coordinator

    Meritus Credit Union

     

    CONFIDENTIALITY NOTICE: The information contained in this message is intended only for the recipient and may contain information that is confidential. If you are not the intended recipient or an employee or agent responsible for delivering this message to the intended recipient; please be aware that any dissemination, forwarding, printing, copying, disclosure or distribution of this communication is strictly prohibited. If you have received this communication in error, please immediately notify the sender by replying to the message and deleting all copies, including attachments, from your system.

     






  • 5.  RE: Cyber liability insurance in contracts

    Posted 09-24-2021 11:34 AM

    Yes, we are in the process of developing a security and general vendor assessment questionnaire as well.  Is there a place to review shareables?  I would love to gain a bit of guidance.