BUSINESSES ARE faced with increasing threats from cyber criminals who are constantly working to devise new ways to infiltrate organizations’ databases and extract information or find some way to monetize their hacks, like in the case of ransomware.
Cyber insurance can help your business recover from these events, but policies vary on what risks are covered. Also, as cyber insurers get more stringent in their underwriting, they are denying more claims.
In order to ensure that your claim gets paid, you should:
1. File your claim on time
Most cyber policies are written on a “claims made” basis, meaning they will only cover claims that are made when the policy is in effect.
If you file a claim after the policy expiration, it would likely be rejected.
Some policies may include language that allows claims to be made for a few months after the policy expires as long as the event occured during the coverage period.
Also, if your organization experiences a cyber event that may eventually lead to a claim, it’s important that you notify your insurer during the policy period. This is really important because if you fail to alert the insurer about it early in the process, they may deny the claim.
2. Understand the depth of your coverage
Because cyber policies are still evolving, coverage will often vary from insurer to insurer.
It’s important that you sit down with us to discuss your exposures (such as if you store client credit card information on your servers). This can help us find the right coverage for your organization.
Coverage will vary depending on the type of business you are running, the technology you are using and what data or company intellectual property you want to protect.
Some policies will also require that you have specific protocols and software in place to reduce the chances of your data being hacked.
For example, policies may require that the policyholder applies security patches, uses encryption technology and has a secure-socket layer to protect credit card data.
Other areas that cyber policies will often differ on include:
- Paying for any potential legal costs after a breach.
- Paying for tools to remediate any exposur
3. Understand what’s not covered
All insurance policies have exclusions, and cyber policies are no different.
Examples of common exclusions
- If your data is compromised when sharing it with a vendor, such as a payroll provider.
- If you have a system pipeline into a client’s network and the network is hacked.
- Fraudulent entry into certain parts of your network systems.
- Patent or copyright infringement.
Again, it’s crucial that you read your policy before signing and that you evaluate whether any existing or future contracts with vendors or clients fall outside the policy’s coverage area.
Two of the major areas of coverage you may want to look for in exclusions are:
- Will the policy cover data that is stored outside of your network, either on the cloud or on a vendor’s network?
- Will externally generated data be covered if a breach occurs within your system?
4. Get the insurer involved early
Sometimes a breach is not readily apparent. You or an employee may notice that some programs are not performing as usual.
When in doubt, reach out to us or the insurance carrier if you think you’ve had a breach. Even if it’s just asking questions or trying to clear up your uncertainty, it’s better to contact the insurance company so that the event rises to its radar.
It’s better to reach out early because it will give the insurer a chance to investigate the matter and determine if there has been any exposure.
This will give you peace of mind that you will be protected should the matter rise to the level of a genuine claim.
The worst thing you can do is to wait until after you’ve started receiving complaints from customers, vendors or regulators. At that point your insurer will have a much more difficult task on its hands.
Getting the insurer involved early will make it easier for them to manage the claim – and it can limit the amount of fallout.