The last phase of the NIST Cybersecurity Framework is Recover, defined as the timely recovery to normal operations to reduce the impact from a cybersecurity incident. As a result, cyber liability insurance should play a major role in the recovery process for any business that experiences a security incident.
However, as with any insurance, it needs to be in place before an incident occurs. Also, not all policies are the same, and careful consideration needs to be given to be sure appropriate coverages exist for the different ways data may be lost or an incident may impact your business.
Quite often, qualifying categories are very generic in their description, so clarity is key. Also, understanding exclusions or reasons for possible disqualification of claims that could prevent a business from receiving a reimbursement on a claim is critical.
Therefore, we recommend that our clients work with their insurance provider to develop a list of the scenarios most likely to occur and receive feedback in writing from their carrier confirming that coverages exist.
Be sure your coverage includes reimbursement of all expenses related to incident recovery including the paying and negotiating of ransoms, labor to rebuild systems, payroll costs during downtime, legal fees, regulatory fines, and loss of revenue in the following sample scenarios:
- If an employee accidentally clicks on a link in an email, resulting in systems being encrypted and held for ransom.
- If a malicious attack destroys data with no option of paying a ransom.
- If email accounts are compromised and a client is deceived into a wire transfer or modification of bank routing numbers.
- If an employee is deceived into a payment/wire transfer by a client/vendor’s email account that had been compromised.
- If an illegal wire/payment is transferred out of your account.
These examples are not exhaustive, but should serve as a place to start your conversation. Ideally, your insurance agent is already having these conversations with you. If you find they are not, or should they be unable to talk to you about cyber liability insurance intelligently, then it may be time to consider working with a new agent.
The likelihood of having a data loss incident continues to increase. Have coverages, understand your coverages, and Keep Calm and Compute On!