Coverage for What Standard Policies Miss
Cyber liability structured around how AEC firms manage data, systems, and client information.
AEC firms hold more sensitive data than most expect. Project files, BIM models, and building system credentials represent exposure that standard GL and professional liability policies are not designed to address.
The cost of responding to a cyber incident can be significant regardless of firm size. Cyber liability is designed to help address those costs, subject to policy terms and covered triggers.
Coverage Overview
What Cyber Liability Is Intended to Cover
First-Party Costs
Responds to costs your firm incurs directly, including forensic investigation, system recovery, and client notification.
Third-Party Liability
Addresses claims brought against your firm arising from a covered cyber incident.
Business Interruption
Intended to address income loss from a covered system outage, subject to policy terms and waiting periods.
When to Consider It
Where Cyber Liability Tends to Be Relevant
Architecture and Engineering Firms
Project files, BIM models, and building system credentials represent meaningful data exposure.
Construction Firms and Contractors
A ransomware attack or system breach can disrupt the entire project chain.
Environmental and Technical Consultants
A breach affecting site data or regulatory submissions can give rise to both third-party and regulatory exposure.
Firms With Remote or Hybrid Teams
Distributed workforces expand entry points for a cyber incident. Worth reviewing specifically.
Key Considerations
A Few Things Worth Reviewing
Sublimits
A policy's overall limit may be significantly higher than what is available for a specific type of incident. We review sublimits before any recommendation.
Security Posture
Multi-factor authentication, endpoint protection, and data backups all affect coverage availability and pricing.
Coordination With Other Policies
Cyber policies vary in how they define covered incidents. We review the form against your operations before any recommendation.
Policy Triggers and Definitions
Some cyber incidents give rise to claims under professional liability or GL. We review the full program before placing any individual coverage.
The Process
Deliberate at Every Step
Step 1
Assess Your Digital Exposure
The data your firm holds, how it is stored, and what systems your operations depend on.
Step 2
Review Your Security Posture
We review security practices before going to market to improve terms and present your firm accurately.
Step 3
Coordinate With Existing Policies
We review your professional liability and GL policies before placement.
Worth Knowing
Questions That Come Up Often
Does my professional liability policy cover a cyber incident?
Professional liability policies frequently contain exclusions for cyber-related claims. The extent of those exclusions depends on the specific policy language and how the incident is characterized. Reviewing both policies together helps identify where coverage may apply and where limitations may exist.
Does firm size affect whether cyber coverage is worth considering?
Cyber incidents affect firms of all sizes. Exposure is generally tied more to systems, data handling, and operational practices than to firm size alone.
How does ransomware coverage work?
Ransomware coverage may address ransom payments, system recovery costs, and related business interruption, subject to policy terms and conditions. Availability often depends on security controls and underwriting requirements.
Often Paired With
What Firms Typically Review Together
General & Property Liability (BOP)
Helps respond when someone claims your business caused bodily injury or property damage.
Professional Liability
Helps respond when a client alleges your professional services caused a financial loss, project issue, or other damages.
Umbrella Liability
Sits above multiple underlying policies and responds when primary limits are exhausted.
Start the Conversation
Want to See How Your Program Holds Up?
Tell us about your firm and the work you take on.
We'll take a look and share what we find.