The median cost for an E&O policy for advisors starts at about $220 per month, or $2,610 a year, for a $1 million per occurrence coverage with a deductible of $5,000, according to Insureon, an on online E&O insurance broker.

Cyber liability insurance costs another $105 per month, or $1,260 per year, for $750,000 per-occurrence coverage and covers legal fees and recovery costs, stemming from data breaches. That brings the total annual cost for the E&O policy Schwab is requiring to about $3,870 per year.

William M. Harris, president of WH Cornerstone Investments in Duxbury, Mass., which custodies assets at Schwab, said he pays about $6,000 annually for E&O coverage. “Social engineering coverage was a new one for me,” Harris said. “Regardless, I forwarded Schwab’s mandate to my insurance carrier to make sure we had all the requisites covered.

“While I think E&O is good industry practice, Schwab’s notice was disconcerting. What other mandates lie ahead? In addition, the mandate was emailed via nondescript notice from someone I was not familiar with. I would have liked to have seen a reach out from a dedicated service contact. In their defense, maybe that will follow,” Harris added.

Schwab “is wisely circumventing its own liability by putting a policy requirement in place, an attorney who asked for anonymity said.

“I run a $420 million RIA and we clear 100% through Schwab,” Daren Blonski, co-founder and managing principal of Sonoma Wealth Advisors in Sonoma, Calif., said. “When I received the email yesterday it was interesting that they had to send it out. It tells you that a lot of people are operating without E&O.”

Blonski carries E&O and said “operating without it is like being a good driver and thinking you will never get in an accident.”

In addition to investors getting increasingly skittish about investment losses, regulators are cracking down on advisors with deficient cybersecurity breaches.

In August, the Securities and Exchange Commission sanctioned eight firms for failures in their cybersecurity policies and procedures that resulted in email account takeovers exposing the personal information of thousands of customers and clients.

The eight firms, which settled the charges without admitting or deny guilt, are Cetera Advisor Networks LLC, Cetera Investment Services LLC, Cetera Financial Specialists LLC, Cetera Advisors LLC, and Cetera Investment Advisers LLC; Cambridge Investment Research Inc. and Cambridge Investment Research Advisors Inc. (collectively, Cambridge); and KMS Financial Services Inc. (KMS). All were SEC-registered as broker dealers, investment advisory firms or both.