Due Diligence and Ongoing Monitoring

  • 1.  Insurance Coverage

    This message was posted by a user wishing to remain anonymous
    Posted 18 days ago

    How do other financial institutions determine what insurance coverage limits are acceptable for a vendor?
    Is it by risk rating? By product type?


  • 2.  RE: Insurance Coverage

    Posted 13 days ago

    Many organizations establish minimum coverage amounts by product or service type and risk level. In addition to basic liability and professional errors and omissions coverage, your organization may decide that all vendors that access, process, transfer, or store data have an additional baseline $5 million cyber security policy. The coverage amount may increase if the vendor has actual access to your networks and systems, or is considered a critical vendor.

    When determining the actual amount, it is important to consider the risk potential and how many customer records could be compromised, for example, and whether your organization will be named on the policy as an additional insured party. Remember, only a licensed insurance professional can legally guide you on these requirements. A good starting point is with the insurance company or broker from which your organization secures its insurance. They should be able to guide you on the appropriate coverage limits and specific policy types to help protect your organization.

    I hope this information is useful, but I would love to see what other members have to add.