How to Maximize Cyber Insurance Claims

September 27, 2022 | By IANS Research

The cyber insurance market, in which premium rates and claims act as a direct indicator of the cyber-attack landscape, has spiked in demand. As one sign of proof, the percentage of insurance clients that opt for cyber coverage has doubled in the last few years— a direct result of the increased frequency and severity of successful attacks.  

Premium rates have now caught up with demand — with an increase of over 79% between 2021 and the first half of 2022. Despite large price hikes, organizations still need cyber insurance. It provides financial protection for extortion, consumer privacy liability claims, and the direct operational slowdown or shutdown resulting from a data breach.  

Even as insureds realize the coverage benefits, issues arise regarding underinsured policies. Ransomware attacks can cost an organization millions of dollars per incident. Yet, it's not something most businesses are ready to handle — with only less than 20% of insureds having $600,000 or more in ransomware coverage limits. But even for those with adequate coverage limits, issues arise from a reduction in claim payments due to poor security practices, negligence, or coverage lapses by the insured.    

This piece provides advice to help to maximize cyber insurance claims along with guidance to ensure full cyber insurance policy coverage. 

Benefits of Cyber Insurance   

Cyber insurance coverage gives organizations the peace of mind and support they need during and after an attack. In addition to providing businesses with an incident response team and dedicated resources, it covers the costs of ransomware or network extortion payments, regulatory fines, lost revenue from a shutdown, and liability expenses such as legal fees, damages, or settlement costs resulting from a breach.  

Cyber insurance is helpful to companies especially when attackers steal their customers' personally identifiable information (PII) and credit card data. As part of the first-party cyber coverage, the insurer will pay the costs for investigating the event, data recovery, and incident remediation. Depending on the policy, it will also cover the costs of public relations efforts to inform customers of the incident and compensate the insured for any lost revenue resulting from a shutdown.  

On top of those expenses that directly indemnify the business, the carrier will cover third-party liability costs. This includes attorney expenses, court fees, damages paid to the exposed credit card companies, and settlement or punitive damages to the affected customers.    

Full Cyber Insurance Coverage Factors   

Because of the liability component in cyber insurance, businesses often need to have cyber insurance to fulfill contract requirements to protect the client or lead contractor. Regardless of contract or regulatory requirements, however, businesses in all industries are now prime targets of cyber criminals and should be prepared with a robust cyber insurance policy, especially if your organization meets any of the following circumstances:     

  • Accepts credit cards as payment: For many policies, part of the third-party cyber coverage includes payments to credit card companies if a breach resulted in unauthorized purchases by the exposed credit cards.  
  • Stores, processes, or manages PII of customers or partners: Cyber insurance covers the cost of privacy liability claims if you were deemed responsible for a third-party data breach. It also covers communications costs to notify other stakeholders that they may have been compromised.  
  • Uses online or network resources for operations or production: If an incident such as a denial-of-service (DoS) or ransomware attack were to lock users out of their applications or data, shutdown an IT production environment, or restrict a business's operational capabilities, cyber insurance will cover lost revenue and expenses to get back up and running.   
  • Uses a website to collect data or complete transactions: While great for collecting lead information, letting customers submit documents, or completing purchases, your website offers a point of entry and attack vector for cybercriminals. Cyber insurance covers many types of incidents, including ones sourced at an insured's website.    

Most likely your business falls into at least one of these categories making it necessary to purchase cyber insurance. Before purchasing the coverage referenced above, keep in mind that cyber insurance policies and coverage are highly variable and can differ between carriers.  Besides ensuring that you have the right coverage for the business, what are some of the other challenges to consider during procurement, and how do you address them?   

Cyber Insurance Challenges 

Organizations purchasing cyber insurance for the first time or looking to switch insurance carriers may struggle with high premiums or denied coverage if they don't have a comprehensive security program. Your organization must have a security plan with concurrent technology and management practices. Cyber Insurance carriers want organizations that properly identify risks, protect IT and data assets, detect potential threats and anomalies, respond to confirmed incidents, and recover from the events quickly to get back to normal operations.  

Similarly, if your organization has been categorized as a risk with prior claims or recently victim of a successful attack, then you will need to show resilience with documented steps to be prepared for and prevent another incident. It's often either a poor loss history or a lack of security solutions such as endpoint detection and response (EDR) technology, an incident response plan, or multi-factor authentication (MFA) on endpoints that get in the way of adequate coverage and total claim payouts.  

Alternatively, businesses planning to renew their current coverage can keep their insurability high and procurement simple by adhering to an in-depth cyber insurance renewal checklist. Included on this list are using a third-party auditor to verify compliance and policy requirements, constantly improving a security program by easing into frameworks such as zero trust and aligning policy and control requirements with direct carrier demands.   


DOWNLOAD:  Zero Trust: A Step-by-Step Guide

Cyber Insurance Provider Pain Points 

Today's cyber risks and threat landscape have also caused headaches to those issuing the coverage — the insurance carriers. One significant issue that's created difficulty in underwriting the coverage and adjudicating cyber insurance claims is the limited historical data the providers must work with.  

Relative to other risks like natural disasters, fire, or crime, cyber incidents haven't been around that long, considering the hundreds of years insurance has existed. This means a smaller sample size to reference when deciding whether to underwrite coverage for a business, for how much, and how much to pay out in a claim.  

Another problem is a general awareness of cyber risks and the types of attacks. By the time a carrier starts to understand the key indicators of one successful attack vector, a new one becomes prominent as enterprise IT infrastructures constantly evolve and unique Internet of Things (IoT) devices get added to the mix. Cybercriminals are extraordinarily skilled at quickly adapting to new environments and exploiting system vulnerabilities.   

Tips to Maximizing Cyber Insurance Claims

It's important to understand that because a carrier is in the business of making money, they look to maintain a solid loss ratio (claims paid divided by premiums collected) by minimizing the amount paid out within the scope of the policy. Based on data collected for the top reasons cyber claims payouts get reduced, here are five steps you can take to maximize your insurance claim:   

  • Utilize Strong Prevention Controls 

One of the main reasons payouts are reduced are poor incident prevention controls by the insured. While each carrier differs in the specific controls they'd like to see, most prioritize things like MFA for logging into network resources, a strict system of privileged access management, regular security awareness training for employees, and anti-malware installed on all endpoints.     

  • Implement and Enforce Governance Practices 

If organizational policies and procedures relating to cybersecurity were undocumented or unfollowed, then carriers can reduce claim payments. For instance, some underwriters want to see a written incident and ransomware response plan, documentation of the insured's cybersecurity program and technology assets, and proof that the procedures are being simulated and practiced.     

  • Avoid a Lapse of Coverage   

Limitations on the coverage time frame reduces cyber claims payouts. Therefore, organizations must be on top of their game during policy renewal to avoid coverage time gaps. Also, they should seek retroactive coverage that will back-date to cover losses occurring after the "retroactive date" and discovered during the policy period.   

  • Demand Adequate Insurance and Controls on Third-Parties 

Cyber insurance claims can be reduced because a third-party vendor, or contractor was at fault. As part of a robust program, ensure you vet third parties before working with them. Confirm they have solid security practices and a cyber liability insurance policy through certificates of insurance (COIs).  

  • Supplement Coverage with Errors & Omissions

Incidents resulting from errors and omissions (E&O) by the insured can reduce or negate a claim. Keep in mind that professional liability, errors & omission, and malpractice insurance cover businesses for negligent-related issues for their service. However, many assume that E&O covers cyber incidents or vice versa, which is not the case, and E&O coverage needs to be purchased separately.  

By starting early, proactively identifying any security gaps and documenting your security program policies and incident procedures you will increase your security strength and readiness for any potential claims. 

Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice. 

Access time-saving tools and helpful guides from our Faculty.

IANS + Artico Search

Our 2024-2025 CISO Compensation and Budget Benchmark Survey is Live!

Get New IANS Blog Content
Delivered to Your Inbox

Please provide a business email.