Warning: The Hole In Your Cyber-Insurance Policy That Could Result In Your Claim Being Denied Coverage
You’ve all heard the stats – small businesses are the #1 target for cybercriminals because they’re easy targets, with a recent article in Security Magazine reporting that nearly two-thirds (63%) of small businesses have experienced a cyber-attack and 58% an actual breach. But many still don’t understand (or don’t appreciate) how much a cyber-attack can cost you.
That’s why one of the fastest-growing categories in insurance is cyber liability. Cyber liability covers the massive costs associated with a breach, which may include the following, depending on your policy:
• Legal fees for handling any number of lawsuits, including class action litigation against your organization, as well as fines and penalties incurred by a regulatory investigation by government and law enforcement agencies.
• Negotiation and payment of a ransomware demand.
• Data restoration and emergency IT fees to recover your network and get it operational again.
• Customer notifications and credit and identity theft monitoring for clients and employees.
• Public relations expertise and call center costs for taking inbound calls and questions.
• Loss of revenue related to being unable to transact; if your operations and data are frozen, you might not be able to process sales and deliver goods and services for days or weeks.
• Errors and omissions to cover liability related to a failure to perform and deliver services to customers and allegations of negligence in protecting your customers’ data.
If you want to ensure you don’t lose everything you worked so hard for to a cyber scumbag, cyber liability is a very important part of protecting your assets.
But here’s what you need to know: To get coverage, businesses are required by insurance companies to implement much more robust and comprehensive cyber protections. The insurers want the companies they are underwriting to reduce the chances and the overall financial impact of a devastating cyber-attack so they don’t have to pay out – and this is where you need to pay attention.
MANY business owners are signing (verifying) that they DO have such policies and protections in place, such as 2FA, a strength of password requirement, employee awareness training, and data recovery and backups. Still, they aren’t implementing them because they assume their IT company or person knows this and is doing what is outlined in the policy. Not so in many cases.
Unless cyber security is your area of expertise, it’s very easy for you to misrepresent and make false statements in the insurance application. This can lead to your being denied coverage in the event of an attack and having your policy rescinded.
Suppose you have cyber liability or similar insurance policies in place. In that case, I urge you to revisit the application you completed with your IT person or company to ensure they are doing everything you represented and affirming you are doing. Your insurance agent or broker should be willing to assist you with this process since your IT company or person cannot be expected to be an insurance professional who can interpret the legal requirements outlined.
What’s critical here is that you work with your IT company or person to ensure 100% compliance with the security standards, protocols, and protections you agreed to and verified having in place when you applied for coverage. IF A BREACH HAPPENS, your insurance provider will NOT just cut you a check. They will investigate to determine what happened and what caused the breach. They will want to see tangible evidence and documentation that proves the preventative measures you had in place to ward off cyber threats. Suppose it’s discovered that you failed to put the adequate preventative measures you affirmed you had in place and would continue to maintain your insurance application. In that case, your insurance company has every reason to deny your claim and coverage.
If you have ANY concerns over this – including whether or not you need coverage, whether your coverage is sufficient, and whether you are doing what you need to do to avoid an insurance denial, click here to schedule a quick consultation to discuss your current situation and to receive a referral to a cyber insurance expert we recommend.
Further, if you would like us to conduct a FREE cyber security risk assessment to show how secure and prepared you are for ransomware or a cyber-attack, we can discuss that too! Just click here to schedule a phone consultation.