SMB Cyber Solutions

Cyber–protection plans with tools to help with State/Federal compliance, data breach prevention, data breach response, and cyber liability insurance.

  • Effective and fast resolution to help protect customers and employees
  • Support to meet compliance obligations
  • Ability to successfully service impacted customers or insureds
  • Customized and scaled services to handle each incident, providing identity protection and credit monitoring whether it affects hundreds, thousands or millions of individuals

It is critical for any business to understand its information risk – not only with respect to personal information, but also sensitive corporate data, and trade secrets. This process starts with understanding the legal and other obligations that pertain to a business's information risk, as well as the practices, policies, and other safeguards the company has in place to protect information.

Written Information Security Program (WISP)¹

In collaboration with our legal team at Jackson Lewis, this Written Information Security Program (WISP) is intended as a set of comprehensive guidelines and policies designed to safeguard all sensitive data maintained at your business,and to comply with applicable laws and regulations on the protection of Personal Information found on records and in systems owned by the business.

Why is a WISP important

All businesses collecting and maintaining personal information are required to have reasonable safeguards. For tax professionals and CPA firms, in particular, a WISP is required by IRS and FTC regulations, in addition state statutes across the U.S. The WISP enhances businesses' defensible position against growing litigation.

Compliance Resources

The Organizational Risk Assessment helps you understand understanding the legal and other obligations that pertain to a business's information risk.

The Operational Risk Assessment helps you understand your information risk with a focus on business practices, policies, and other safeguards the company as in place to protect information.

An Interactive State Requirement Map displays the data protection laws that are generally applicable with respect to that type of data protection. It also will link you to the applicable Legislative Resources for further review. This information will help you build, and keep, your WISP current.

A Knowledge Center which consolidates articles and commentary, giving you general information on data privacy, safeguarding personal and other confidential information and responding to data breaches.

¹Use of the content provided for Breach Prevention and Compliance and assistance from any of the attorneys through this process is not intended to replace your need to hire appropriate legal counsel to assist in making specific decisions concerning a data incident and in implementing appropriate policies and procedures.

Businesses are generally without the resources needed to respond to a data breach incident — including the costs of forensics, legal fees, and notification costs. First–party cyber coverage of this kind can help to offset those costs you often must incur to comply with applicable law.

Cyber Liability Insurance should be used when you experience a data incident that may constitute an unauthorized access, acquisition, loss, modification, or disclosure of personal information maintained by the business.

Cyber liability insurance protects businesses against the cost of actual or suspected data–related crimes and losses. This includes targeted attacks like malware and phishing.

If your business computer system is compromised by a targeted or an accidental attack, you may be liable for the cost to notify the affected parties and provide credit monitoring, even if the data is not exploited. You could lose money to a phishing attack or lose business due to a ransomware demand.


$250,000 Annual Aggregate
No Underwriting
$1,000 Deductible


Higher Aggregate Limits Available $1M, $2M, $3M
Online Short-Form Application (less than 100 questions)


Coverage benefits include:

  • Legal defense and settlement or judgement
  • Regulatory fines and penalties (including PCI)
  • Mandatory Forensic Examination
  • Associated Legal Expenses
  • Credit Monitoring
  • Identity Monitoring
  • Notification services
  • Call Center services
  • Public Relations services
  • And more
  • ¹This is a brief coverage summary, not a legal contract. The actual policy should be reviewed for specific terms, conditions, limitations, and exclusions that will govern in the event of loss. CLAIMS OR POTENTIAL CLAIMS MUST BE REPORTED WITHIN 60 DAYS OF FIRST KNOWLEDGE.

    Build resilience with a written plan for incident response which includes employee training.

    The Data Breach Response Plan shows the steps to an orderly data breach response, which you conduct yourself. The High-level Plan covers the following topics:

    • Insurance
    • Involving company leadership
    • Law enforcement
    • Setting up a call center & more

    Attorney–Assisted Data Breach Response Plan Development

    Included in your plan, attorneys are available to assist you in developing your data breach response plan. Preferred pricing available.

    A Data Breach Attorney Hotline is available to answer general questions on cyber security compliance and data breach preparedness. Preferred pricing available.

    Data Breach Tabletop Exercises

    Data Breach incidents require quick and compliant response. Breach simulation exercises simulate a data breach event to help response teams identify key steps in their response process. In collaboration with Jackson Lewis, we have developed an outline to help you facilitate your own tabletop exercises.

    Your data breach resolution partner should make security a top priority throughout the data breach response process. First Watch has the scalability to service any size business–small, medium, and enterprise companies. We manage breach response for as few as 10 individuals to multi–millions.

    Notification Letters | Print and Email

    Nearly every state has a breach notification statute that requires immediate notice concerning the breach to affected individuals, and in some cases, to state enforcement agencies and national credit agencies. Our 24/7 Notification Service for Affected Person Service bundles letter templates, data collection, reporting, mailing, and translation services.

    U.S. Based Call Center & FAQ

    The time immediately following a data breach is not when you want to hide from or alienate your clients' or insureds'. We are readily available to answer their questions in order to reinforce your commitment to their continued security. Our PCI-compliant and bi-lingual call center representatives can make a positive impact during a crisis. We dedicate a toll-free phone number where our CSRs greet each caller with your company name. FAQ development and translation services available.

    Identity Protection

    When your clients' or insureds' personal information may have been compromised—we help you quickly protect their identity. Our proactive identity theft protection service offers protection from the serious consequences of identity theft.

    Security awareness training for your employees is the first line of defense for any organization. Training goes a long way toward preventing many problems before they begin.

    Employees need to understand their responsibilities with respect to handling confidential information and protecting data with safety measures like: mobile device security, use of strong passwords, leveraging physical security protections, and proper destruction of data.

    Just as critical, employees need to know what NOT to do—such as visiting untrusted websites, opening email attachments from unknown sources, and having access to data that exceeds their level of responsibility.

    Data Breach Security Training Videos help determine where an employee stands in terms of data safety and security—when someone may need a refresher on proper company policies and procedures. It's invaluable training for data breach security.

    Phishing Intrusion Simulation Testing sends periodic phishing emails to employees to test if they are clicking links in suspicious emails. It helps employees recognize potential phishing attacks and avoid them in the future. This service includes an initial baseline test and testing on a periodic basis moving forward.