I do physical penetration testing (breaking into offices) and social engineering. State Farm and Hartford laughed me out of the room. “Too risky,” they said. “What if you get shot? What if you are arrested?” I had to go to the surplus lines market: Lloyd’s of London.
Key Takeaways
- Admitted vs. Surplus Lines: Standard carriers (Hartford) are “Admitted” (regulated, standard forms). “Surplus Lines” (Lloyd’s) are for high-risk, weird stuff.
- Tailored Coverage: Lloyd’s writes a custom policy. “We cover you breaking windows, but only if you have a signed letter of authorization.”
- Cost: Expect to pay double. Minimum premiums often start at $2,500 – $5,000.
- Taxes: You have to pay special state taxes on surplus lines policies.
The “Why”: The Standard Market Appetite
The Trap: Automated quoting engines (Next, Thimble) rely on algorithms.
Input: “Security Consultant.”
Algorithm Risk: “High.”
Result: “Decline.”
They want web designers, not professional burglars (even ethical ones).
You need a human underwriter at a syndicate who understands “White Hat” hacking.
The Investigation: I Talked to Brokers
1. Gallagher (Broker)
- My Analysis: They access the London market. They can build a policy that covers “Physical Security Testing” and “Cyber Assessments.”
2. Relm Insurance
- My Analysis: As mentioned in other articles, Relm covers crypto and high-tech risk. They are comfortable with “Red Teaming” operations.
3. Marsh
- My Analysis: Great for large corporate contracts, but maybe too big for a solo pen-tester.
[IMAGE: Photo of a “Lloyd’s Cover Note” document]
Comparison Table: Standard vs. Surplus
| Feature | Standard (Hartford/Hiscox) | Surplus (Lloyd’s/Relm) |
| Risk Appetite | Low / Vanilla | High / Custom |
| Cost | $ | |
| Speed | Instant | 2-4 Weeks |
| Claims | Standard | Specialized |
Step-by-Step Action Plan
- Find a Wholesale Broker: You can’t call Lloyd’s directly. Find a local broker who has “Market Access.”
- Prepare Resume: You need to prove you are an expert, not a criminal. Certifications (CEH, OSCP) help.
- Budget: Set aside
3kâ3kâ5k. - Read the Warranties: Lloyd’s policies have strict rules. “You must notify police 24 hours prior to test.” If you fail, no coverage.
FAQ
Is Lloyd’s a company?
No, it’s a market where many insurers (Syndicates) operate.
Is it safe?
Yes, Lloyd’s is one of the oldest and most secure financial institutions in the world.
Does it cover bail money?
Sometimes! Ask for “Criminal Defense Cost Reimbursement” if you get arrested while working.