Cyber insurance will likely factor heavily into broker errors and omissions risk in the near future, BOXX Insurance president Jonathan Weekes said Sunday at the Insurance Brokers Association of Alberta (IBAA) 2026 Convention in Banff.
“I think…the lack of advising clients around cyber insurance and cyber risk will probably be a leading factor [in] broker E&O over the next several years,” Weekes says during a cyber risk session.
As such, he recommends brokers move the discussion about cyber earlier into their conversations about renewals or when taking on a new client.
In a separate session, Grace Leung, a claims expert and vice president at Swiss Re Corporate Solutions, also used the example of cyber as a potential E&O risk. For her company in recent years, ‘recommend coverage type’ is a leading alleged E&O risk.
“So, that’s situations where, for example, you have a business, and your client asks you for the whole package, and you give them everything, but you forget to mention cyber coverage,” Leung says. “And unfortunately, that’s when a cyber incident happens.”
To illustrate the potential cyber E&O risk, consider a case where a client has both a standalone crime policy and standalone cyber policy, Weekes says. It can become a question of which policy responds first, and how the broker outlines policy coverages to the client.
The problem is that a lot of small businesses don’t think they need cyber insurance coverage, because “they’re not important enough for a hacker to care about them,” Weekes says.
“That’s been proven wrong time and time again,” he says. “Actually, small businesses are the most likely organizations to be hit by a cyberattack because they have the least amount of resources.”
Cyber as a risk transfer tool
But cyber insurance should be looked at as a strategic risk transfer tool, Weekes says.
Similar to cyber insurance, many small businesses also don’t buy a standalone crime policy, as they don’t see the value, he says.
To add to the complexity, social engineering/funds transfer fraud and invoice manipulation coverage, for example, has started to work its way into a traditional crime policy. But Weekes recommends that brokers try to get the coverage through the cyber policy as well.
But what about those clients that do buy standalone crime and cyber policies, with coverage for financial crime (specifically cyber exposures like social engineering/funds transfer fraud, invoice manipulation, etc.)?
“You need to have a conversation with [clients] about which one responds first,” Weekes advises. “And I say this because both of these policies will have other insurance clauses.”
If there are two relatively similar coverages, that client will then be in a battle with those carriers as to who is going to pay, Weekes says.
“And the most awkward position to be in is actually the broker position, because you’re either fighting with the carriers or you’re fighting with the client to remain patient as you figure it out,” he says.
But if the client is out, their patience with the broker will be “zero,” Weekes says. And this could lead to a potential broker E&O exposure.
The client could say something like, “You should have known that this could have happened, and you should have figured out how to admit coverage to reduce the likelihood of it happening, or eliminate it,” Weekes says.
What he recommends to brokers — and what he did when he was a broker — is have an endorsement drafted and attached to one of the two policies. “And it would say that this policy is primary for these specific exposures or coverage [areas].”
Larger carriers will likely have such an endorsement ready but may not offer it unless it’s specifically requested.
“You have to take those steps to see where the overlap is and make sure…[to] address it,” Weekes says.