Three types of insurance every firm should consider

Google blocks hundreds of millions of malware and phishing emails every day.1  Other email providers report similarly staggering numbers. Yet, many attacks still get through. Online theft costs individuals and businesses trillions of dollars each year.2 

Cybercrime will cost the world $10.5 trillion USD in 2025.

Cybercrime is more organized and more effective than ever. And everyone is a target. Hackers don't only go after big paydays. They also look for easy pickings—school districts, small businesses, and average people. Advisors are especially attractive to hackers because RIA firms often manage hundreds of millions of dollars, but don't have the same level of security as other financial institutions.

Today, insurance that protects your RIA firm and your clients' assets from devastating losses is essential. There are three different types of insurance that RIA firms ought to consider: errors & omissions, fidelity bonds, and cyber insurance. 

At a recent Schwab Advisor Services webinar, Greg Severinghaus of Markel Insurance, Jessica Thayer of Starkweather and Shepley Insurance, and Scott Shannon at the Windermere Insurance Group discussed the options available to advisors and what to consider.

Errors & omissions

Errors & omissions (E&O) insurance is not specifically a form of cybersecurity insurance, but it covers the kinds of mistakes that are common in the digital age. 

"If you carry one type of insurance, you typically start with E&O," says Severinghaus.

Many RIA firms have carried E&O insurance for years because it protects against many kinds of honest mistakes—trading errors, miscommunications, misunderstandings about the suitability of products, failure to disclose information, and breach of fiduciary duty. For example, if an advisor types in the wrong ticker symbol and buys the wrong stock for a client and then that stock plummets in value, the client will feel they are owed money for that mistake. E&O can help the advisor's firm pay damages to the client to cover the client's loss. And in cases where a dispute is more complex, for example if a client thinks an honest mistake was actually a case of an advisor working against the client's interest, E&O can pay for an RIA firm's legal defense and damages after a judgment has been reached.

However, E&O insurance doesn't cover stock market losses when both a client and an advisor agree to make a trade. It also doesn't cover dishonesty or fraud at a firm. And E&O doesn't cover losses caused by a data breach. In those cases, RIA firms will need to consider adding a fidelity bond or cyber insurance.

Learn More about E&O insurance from Greg Severinghaus

Fidelity bonds

Fidelity bonds are a type of insurance that covers firm assets and client property against malicious actors—either theft by employees or fraud by people outside your firm. Basically, a fidelity bond is there to make your clients whole if someone uses your firm to steal from them.

A growing risk for RIA firms that fidelity bonds often cover is "social engineering." That's when a hacker gains access to information and accounts and then impersonates a client in order to authorize a transfer. "This is a buzz word in the news," says Thayer. "As you can imagine, it's an area where we're seeing frequent claims."

For example, an advisor receives a message requesting a funds transfer. A staff member follows firm procedure and calls the client on the phone to verify the transfer before putting it through. Unfortunately, what the staff member doesn't realize until too late is that a hacker had gotten into the client's portal and changed the contact information. The voice on the phone okayed the transfer, but that voice did not belong to the client.

In cases where the RIA firm has security protections in place such as callbacks, but fraudulent transfers still get through, a fidelity bond can reimburse clients for those losses.

Learn more about fidelity bond insurance from Jessica Thayer

Cyber insurance

Illustration of woman working on secure and protected computer

Cybercrime isn't limited to losses from transfers. An RIA firm could lose data, have client data exposed to thieves, need to replace hardware or software, or even need to pay a ransom to get the firm running again. Cyber insurance offers the broadest approach to internet crimes committed against your firm and your clients.

The breadth of what you can cover with cyber insurance is a benefit, but also a challenge. "Coverage can vary dramatically because the terms are not standardized," says Shannon. "It could be a full-blown, robust policy that will cover multiple cyber-related risks, or it could be a very limited endorsement on an existing policy that may only cover one or two risk points."

RIA firms should look closely at what the policy offers and shop around before committing to cyber insurance. In particular, you will want to look closely at how ransomware is covered. This is when a hacker takes over your network and locks you out until you pay a ransom to recover access. According to Verizon's 2021 Data Breach Investigations Report3, ransomware attacks doubled last year and continue to rise. In fact, you may remember that fuel supplies were disrupted when the Colonial Pipeline software was shutdown by ransomware. 

Cyber insurance can pay for costs associated with a cyberattack, including identity protection for clients and reputation management for your firm, but the benefits often go deeper. Cyber insurance companies typically employ skilled technical staff that can help you identify and remedy an issue. Also, carrying cyber insurance is good for your balance sheet or personal assets. Rather than show losses due to fraud, you pay a premium as an ordinary expense and the losses are paid to you or your clients by the insurance company.

Learn more about cyber insurance from Scott Shannon

It's clear that the risks of mistakes and fraud are growing and that both small and large firms are targets for hackers. An insurance policy can prevent errors and attacks from putting your firm out of business.

What can you do next