Skip to main content

Security Incident Response Crisis Management

Marsh’s FINPRO and Political Risk groups have teamed up to develop a proprietary, cutting-edge crisis management solution — Security Incident Response (SIR) — that includes additional features available exclusively to Marsh clients. Different from and complementary to other lines of insurance, SIR offers pre-incident intelligence and mitigation services that dovetail with the post-loss indemnification coverage provided by traditional insurance. SIR covers the costs associated with responding to the suspicion, allegation, imminent threat, or occurrence of one or more of 57 insured events.

What is SIR?

SIR is a proactive indemnification policy that provides businesses with a comprehensive corporate security and business integrity solution. This product establishes a contractual mechanism, which allows Hiscox to pay, on behalf of the insurance buyer, all of Control Risks’ fees and expenses incurred while assisting an insured with the management of complex issues throughout the readiness, response, and recovery phases.

Control Risks’ services can be called upon by the insured not only following an incident but also upon suspicion, imminent threat, or allegation of an incident.

What is Covered?

The SIR policy provides access to Control Risks’ specialist consultants to support the policyholder in managing, mitigating, or eliminating any event listed within the six security and integrity risk categories. 

SIR provides cover for the following insured events:


  • Occurrence of an insured event.
  • Suspicion of an insured event.
  • Imminent threat of an insured event.
  • Allegation of an insured event.


Risk mitigation fund: 20% of the premium immediately made available to the policyholder is allocated towards Control Risks’ risk mitigation and prevention services.

Evaluation and assessment: Cover for 20 days for Control Risks to conduct an initial analysis, assessment, and preliminary investigation of facts. If Control Risks determines that the event has likely occurred or concludes that there is clear and imminent danger of an event occurring, the full cover will trigger as follows:

Response and recovery services, including: 

  • Danger of bodily injury to an insured person: Control Risks’ fees and expenses are unlimited.
  • For all other non-life threatening risks: Control Risks’ fees and expenses are covered for up to 60 days’ indemnity period.
  • Where an insured event requires Control Risks’ digital forensics, eDiscovery, and unstructured data analytics services: Control Risks’ fees are covered up to a specified financial limit of indemnity.

Response and recovery expenditures.

Hiscox will cover the costs incurred by the policyholder for the temporary containment, protection, and remediation measures as follows: 

  • Costs for temporary physical security measures to protect the insured’s property and insured persons.
  • Gross salaries of persons specifically assisting with an insured event and assisting in the coordination of the business continuity and recovery plan.
  • Cost of communication equipment.
  • Travel and accommodation costs.
  • Costs for the search for explosives or other harmful materials on your premises.
  • Costs for electronic sweeps for bugs or other electronic listening devices.
  • Reward paid to an informant for information leading to the resolution of an insured event.

Benefits for Marsh Clients

Marsh worked with Hiscox to develop a proprietary version of the Security Incident Response product. The Marsh-specific product features broader coverage and lower costs. Marsh clients will receive expanded coverage for no additional premium, including:

  • Unauthorized employee sanctions breaches as an additional insured event.
  • Reputation response and recovery services provided by a crisis communications advisor to mitigate the impact of adverse publicity, media coverage, or community sentiment.  

Marsh clients can benefit from a loyalty discount that reduces open-market premiums quoted for first and second renewals by 5%. Marsh clients that move their kidnap and ransom policies to Hiscox will also get a 5% discount on those policies, while current Hiscox K&R policyholders will receive a discount of between 3% and 5% on their SIR premium.

Several other policy enhancements are also available to Marsh clients, including the ability to cancel the policy mid-term, which can facilitate the acquisition of premium financing.

Key Benefits of a SIR Policy

  1. Duty of Care. Demonstrates to stakeholders that duty of care obligations have been considered and that anti-fraud and anti-corruption measures are in place.
  2. 20% of the SIR premium is made available to the policyholder on day one. These funds are used to invest upfront in resilience programs for mitigating the likelihood of critical events occurring or their impact if they do occur. This can be used on any of Control Risks’ services, across any of its disciplines. 
  3. Simplicity. A SIR policy gives the policyholder immediate access to Control Risks’ services via a single activation number. All Control Risks’ fees are paid by Hiscox, so there is no requirement to engage with third-party providers on a case-by-case basis. 
  4. Crucially, the policy can be triggered before a loss has occurred — on suspicion, allegation, or imminent threat of an insured event, as well as when one takes place.  

This means the SIR policy can mitigate the impact of an ongoing incident or allow it to be averted altogether, potentially reducing claims on other more costly insurances.

Why Buy a SIR Policy?

  • The policy provides a simple and robust mechanism to access expertise on demand.
  • It eliminates the financial volatility of responding to unpredictable events.
  • A SIR policy complements your existing capabilities in security and business continuity functions – providing bench strength and technical expertise.
  • The ability to activate the policy in advance of a crisis allows clients to use SIR to increase business resilience to unforeseeable and unbudgeted critical events.
  • Enhances business continuity and enablement by ensuring that you have the correct resource immediately on hand when needed.
  • The policy complements other insurances by acting as a first line of defense, particularly where other insurances will not trigger until the event has occurred. This can act as a deductible gap-fill.