You’re a cybersecurity professional running an MSP or security consultancy. You also run a help desk for your clients, password resets, software troubleshooting, user support. It’s 20% of your revenue and keeps clients sticky.
Your broker told you these services are covered under your Tech E&O policy. Your broker is wrong.
The Problem
Most Tech E&O policies define “professional services” as consulting, design, implementation, and advisory work. Help desk and technical support often fall into a different category that policies exclude: “administrative services” or “clerical work.”
Translation: If something goes wrong during help desk work, your Tech E&O policy for professional services might not respond.
Real-World Scenario
Your help desk technician receives a call from a client’s “CFO” asking to reset the password for the company’s banking portal. The technician follows your standard verification protocol, confirms name, department, and last four of SSN (all available on LinkedIn and data broker sites).
It turned out it wasn’t the CFO. It was a social engineering attack.
The attacker drains $180,000 from your client’s bank account before the bank freezes the account. Then, your client sues you for failing to use multi-factor authentication in your verification process.
“Password reset services are not professional consulting services under this policy. They’re clerical support functions.”
Your Tech E&O carrier’s denial letter
To avoid this…
What to Look For in Your Tech E&O Policy:
- Check your policy’s definition of “professional services.” Does it explicitly include help desk, technical support, or user assistance?
- Look for exclusions around “clerical work,” “administrative services,” or “routine maintenance”
- If you provide 24/7 support, verify your policy covers after-hours work (some don’t)
The Coverage Gap
What most firms miss: Help desk work creates a different risk profile than consulting work.
Higher volume of interactions = higher probability of human error
Social engineering attacks specifically target help desk staff
Credential management (password resets, MFA bypass) is high-stakes work disguised as routine support
Standard Tech E&O policies weren’t written with this exposure in mind.
The Fix
You need one of two things:
Option 1: Specialized Tech E&O Policy
A specialized Tech E&O policy that explicitly defines professional services to include technical support, help desk operations, and credential management.
Option 2: Separate Cyber Liability Policy
A separate cyber liability policy with first-party coverage for social engineering losses AND third-party coverage for client lawsuits arising from help desk errors.
Most firms need both.
The Bottom Line
If help desk services represent more than 10% of your revenue, your current Tech E&O policy probably doesn’t reflect your actual risk profile. That means you’re either underinsured or overpaying, possibly both.
Want to know if you’re covered? Get in touch and I’ll help you figure out where you stand.