
9 Ways for Brokers to Help a Client After a Cyber Incident


Whether you’re working with a first-time buyer or a client that’s up for renewal, it’s possible for them to secure cyber insurance after they’ve experienced an incident.

Rich Gatz, Claims Counsel, and Michael Carr, Head of Risk Engineering, North America, shared their expert knowledge with us so we could create an actionable list for brokers to follow. 

9 steps to help your clients after an incident

1. Help your client answer the questions on their cyber insurance application

You ensure accuracy and keep the process moving forward when you assist your clients with the application from the get-go and help them with questions they may not understand. 

2. Work with your client’s IT administrator to fill out the questions relating to their department

Your client’s IT administrator will be better able to answer in-depth network security questions. If they don’t have an in-house IT team, connect with their third-party managed service provider. 

3. Verify what your client says is true is, in fact, true

While your client probably isn’t intentionally withholding information, they may not understand every layer involved with cybersecurity controls and why it’s important for them to be enabled across multiple applications, systems, or subsidiaries.

"Let’s say a company has a number of subsidiaries. You should attest that they have MFA, EDR, etc., across all of them, not just some of them. It’s always worth asking — are there any divisions, subsidiaries, or locations where the answers would be different?" —Michael Carr, Head of Risk Engineering, North America 

4. Have a basic knowledge of your client’s network infrastructure

As a trusted risk advisor, your ability to advise your client is improved by your understanding of their network. This will help you make accurate and well-informed recommendations on both coverage and cybersecurity controls.

5. Know what happened during their cyber incident and which remediations were made

Answering all of these questions from the start can make the evaluation process easier for you and the insurer: 

  • How did the attacker get in?

  • Were any systems or access to those systems shut off? 

  • Did they encrypt backups? 

  • Were there any follow-on consequences, like a HIPAA investigation? 

  • Did they notify people whose information was compromised? 

  • How has your client addressed these issues? 

6. Read and know their policy

You don’t have to be a cyber expert, but you do need to be a coverage expert.

"I’ve been on the phone with brokers who argue about policies, and they admit that it’s their third time reading a cyber policy. You’re not benefitting your client by not understanding their policy. You need to know the differences in supplemental coverages and endorsements." — Rich Gatz, Claims Counsel

7. Understand your client’s growth trajectory

It’s important to know if your client is rapidly growing and if they have a plan to scale up their security appropriately. For example, endpoint detection and response (EDR) is an excellent but not mandatory control for smaller businesses. 

8. Disclose any litigation or regulatory investigations arising from their prior incident

If your client has been sued or investigated by a regulator (e.g., under HIPAA), or they believe there’s still a potential for such actions, it’s essential for insurance underwriters to have that information to assess the risk appropriately. Failing to disclose this information could put future coverage at risk. 

9. Focus on the value of the policy over the cost of the premium

"Which insurance company can help you make sure a claim doesn't happen going forward? Your premiums might go up, but will they answer a call on Christmas morning? That's something that good insurance companies can do. A good claims experience can be worth more premium, especially if your client goes through a bad experience with another carrier." —Rich Gatz, Claims Counsel

How Coalition handles these risks differently

Coalition brings together the power of in-house underwriting and security expertise with our own claims and incident response teams, which allows us to create a full picture of each policyholder’s individual risk.

Our Active Insurance monitors the policyholder’s network throughout their policy, notifying the broker and the policyholder if anything arises and needs to be addressed.

"There are organizations who have suffered cyber incidents and made leaps and bounds strides to become better risks. I’m glad Coalition is one of the most willing partners to actually hear the stories of these organizations." —Alexandra Bretschneider, VP and Cyber Practice Leader for Johnson, Kendall and Johnson

Reduce the risk of another incident with Coalition

Working with clients who have experienced a cyber incident can be challenging, but certainly not impossible. Your guidance can help your clients move the needle and reduce the likelihood of another attack. Start quoting these risks today.