Suite3 has been instructing our clients to talk to their insurance professionals about making sure they have Cyber Liability Insurance coverage that is appropriate for their business, and has provided previous blog articles to make sure the right questions are asked before committing to a policy. However, we’ve become aware of some current trends that may impact your carrier’s willingness to pay in the unfortunate circumstance that a claim is necessary.
For example, a company who had experienced an incident didn’t start the claim process until after the incident had been remediated and were seeking reimbursement. However, their carrier told them that they wouldn’t be covered because they failed to notify the carrier prior to beginning the recovery process. Because of the delay, their claim was denied!
Therefore, it’s critical to ask your carrier two important questions:
- Should an incident be detected, does the carrier need to be contacted prior to remediation actions be taken? If so, by what means does contact need to occur? Is there a 24×7 incident response number to call? In one case, we learned the carrier wanted to either be sent an email, or to mail them a letter (!). A letter? Sure… let your client wait a week before getting word back that it was OK to begin incident response!
- Does the carrier assign an Incident Response team to take point on coordination, or is the client allowed to work with any party of their choosing for Incident Response? We’ve learned in some cases, carriers require that they assign the response and remediation teams. In that case, if, for example, Suite3 were to begin recovery efforts, any claim may be denied if not pre-approved by the carrier.
Unfortunately, Cyber Liability Insurance isn’t set it and forget it. If you have a policy – congratulations! You are among the minority of small businesses who take cybersecurity threats at a level of importance that’s appropriate. However, if you don’t have the exact Incident Response Plan required by your carrier well documented in advance of an incident, you may find your coverage less desirable than anticipated.