
SME Management Liability Bundle — D&O + Cyber + EPL (Canada, ex‑Quebec)

Introduction

Updated: November 2025. This modular bundle is designed for Canadian small and mid‑sized organizations (private companies and nonprofits) that want an integrated approach to management liability and cyber risk. It packages Directors & Officers (D&O), Cyber Liability, and Employment Practices Liability (EPL) into one coordinated program available across Canada, excluding Quebec.

What the bundle covers

  • D&O Liability: Protects individual directors/officers and the organization against claims alleging mismanagement, breach of duty, negligence, or regulatory errors. Coverage typically includes Side A (non‑indemnifiable loss for individuals), Side B (company reimbursement), and Side C (entity securities claims for public issuers; for private entities, negotiated scope varies). See our D&O hub.

  • Cyber Liability: First‑party costs (incident response, forensics, restoration, business interruption, extortion) and third‑party liability (privacy, network security, media). See our Cyber hub.

  • Employment Practices Liability (EPL): Wrongful dismissal/termination, discrimination, harassment, retaliation, failure to accommodate, and certain wage‑and‑hour defense (where available). Risk management support often includes HR helplines, policy templates, and training modules.

How these coverages work together: a cyber breach can lead to privacy claims (Cyber), employee privacy/HR issues (EPL), and derivative allegations against leadership (D&O). The bundle aligns definitions, notification duties, and panel counsel to reduce friction and coverage conflicts.

Typical limit architectures (illustrative)

  • Coordinated management liability “tower” for D&O with separate aggregates for Cyber and EPL under one program administrator.

  • Common limit options selected by SMEs: C$1–5M per coverage part, with retentions tailored to balance premium vs. cash‑flow tolerance. Actual options depend on underwriting and appetite.

  • Add‑ons often requested: investigation/pre‑claim expenses, derivative demand, crisis communication, regulatory proceedings, PCI, social engineering, and wage‑and‑hour sublimits (availability varies by insurer).

Bundle vs. separate towers: decision matrix (guidance)

  • Scenario: Board wants enhanced personal asset protection (e.g., outside directors, independent chair).
      Recommendation: Maintain bundle for baseline; add a separate Side‑A DIC tower.
      Rationale: Stand‑alone Side‑A DIC is non‑rescindable and designed to drop down if the main tower is eroded or unavailable.

  • Scenario: High cyber severity (mission‑critical systems, sensitive PII/PHI, 24/7 uptime).
      Recommendation: Place Cyber as a stand‑alone tower; keep D&O/EPL bundled.
      Rationale: Dedicated cyber limits, broader vendors/services, incident response SLAs, and specialized wording.

  • Scenario: Elevated EPL frequency/severity (fast growth, multi‑province HR footprint, prior claims).
      Recommendation: Consider stand‑alone EPL.
      Rationale: Broader definitions, higher sublimits for wage‑and‑hour defense, richer risk‑management services.

  • Scenario: Active M&A pipeline, refinancing, complex cap table.
      Recommendation: Keep D&O tower stand‑alone; bundle Cyber/EPL.
      Rationale: M&A‑specific D&O terms, run‑off options, and change‑in‑control provisions are easier to optimize separately.

  • Scenario: Resource‑constrained SME seeking simplicity and cost efficiency.
      Recommendation: Use the full bundle.
      Rationale: One renewal, coordinated coverage parts, streamlined underwriting and claims handling.

Note: The above is guidance only. Final placement depends on underwriting feedback, risk tolerance, and budget.

Underwriting submission schema (what to provide)

Provide a single submission; Summit will map it to each coverage part.

  • Corporate profile (all coverages)

      • Legal name(s), jurisdictions of incorporation and operation (Canada only, excluding Quebec for this program), ownership/cap table, subsidiaries, NAICS, description of operations, 12–24 month business plan, and risk management contacts.

      • Financials: last two fiscal years plus YTD (balance sheet, income statement), debt facilities/covenants, liquidity runway, and any going‑concern notes.

      • Loss history: five‑year claims/loss runs and narrative on causes/corrective actions.

  • D&O‑specific

      • Board/committee composition, independence, indemnification agreements, bylaws/charter excerpts, outstanding litigation/investigations, major contracts, customers >10% revenue, M&A/spin‑off/IPO outlook, key person coverage and succession.

  • Cyber‑specific

      • Data inventory (PII/PHI/PCI), records counts, critical systems, third‑party dependencies (cloud, MSP, payment processors), external attack surface summary.

      • Controls: MFA everywhere (privileged and remote access), EDR/XDR on endpoints, privileged access management, security awareness training and phishing simulations, patch cadence and SLAs, encryption in transit and at rest, email security (DMARC/SPF/DKIM), backups (immutable, offline; restoration tested against RTO/RPO targets), vendor risk management, incident response/BIA/DR plans, and 24/7 monitoring.

      • Prior cyber incidents, ransom payments, and improvements made.

  • EPL‑specific

      • Employee counts by province (exclude Quebec), full‑time/part‑time/contractor mix, turnover metrics, union presence, handbook and acknowledgement processes, anti‑harassment/discrimination policies, accommodation processes, performance/discipline workflows, terminations (voluntary/involuntary) in the last 36 months, and third‑party liability exposure (customers/vendors).

Sample marketing timeline and service levels (illustrative)

Actual timelines depend on underwriting appetite and complexity. Summit coordinates all parts to a single close.

  • Day 0–1: Intake call and data collection; submission pack prepared.

  • Day 2–3: Market strategy confirmed; applications issued to target insurers.

  • Day 4–10: Underwriter Q&A; security/HR clarifications; preliminary indications.

  • Day 11–15: Quotes received and compared; recommendations finalized.

  • Day 16–20: Bind order, subjectivities cleared, evidence issued.

Service expectations (non‑binding targets):

  • First response: same business day.

  • Market approach: within 2 business days of complete submission.

  • Quote comparison and recommendation: within 2 business days of receiving all quotes.

  • Evidence of insurance: issued promptly after binding.

  • Claims: 24/7 intake and guided coordination via Claim Services.

Claims coordination across coverage parts

  • One incident, many policies: Summit will triage notice requirements and engage the appropriate carriers/counsel for D&O, Cyber, and EPL to avoid late‑notice issues and preserve coverage.

  • Incident playbooks: for cyber events, we coordinate breach coaches, forensics, and notifications; for EPL, we guide HR documentation and defense counsel selection; for D&O, we manage preservation orders and regulatory interfaces. Start with Claim Services.

Program governance, renewals, and benchmarking

  • Annual renewal calendar aligned across all parts; mid‑term reviews on material changes (funding rounds, acquisitions, leadership changes, new geographies, or vendor shifts).

  • Controls uplift plan: Summit provides prioritized cyber/HCM control roadmaps to improve insurability and economics year‑over‑year.

Pricing, compensation, and transparency

  • Summit compares coverage and terms across multiple insurers to curate best‑fit options; see Business Insurance for our approach.

  • How Summit is compensated (commissions, possible contingency, or agreed client‑paid fees) is transparently disclosed; see How We Get Paid.

Jurisdiction and eligibility

  • Availability: Canada excluding Quebec. This program does not apply to Quebec‑domiciled risks or operations; separate arrangements are required for those jurisdictions and are not placed through this bundle.

  • Certain classes (e.g., public issuers, crypto custody, critical infrastructure) may require bespoke placements or separate towers.

Frequently asked questions

  • How is D&O different from Professional Liability (E&O)?

      • D&O addresses governance/management decisions; E&O addresses the quality of your professional services. See Professional Liability (E&O).

  • Can I add Business Interruption or Property here?

      • Yes, but they are separate product lines. Start at Commercial Property and we will align renewal dates.

  • What if my cyber controls are still maturing?

      • We can place coverage with staged control improvements and endorsements; expect underwriting Q&A and potential sublimits for certain perils until controls are strengthened.

Related hubs and next steps