You’ve Been Hacked – Maximizing Your Cyber Insurance Policy

Steps you can take to get the most out of your coverage

Unfortunately, your business is one of the 66% of organizations hit by a ransomware attack during the past year. Luckily, you have cyber insurance in place; however, knowing the steps to take if a cyberattack occurs is critical to ensure you get the most out of your coverage.

Best practices in the event of a ransomware attack or cyber extortion

  • Provide immediate notice to the insurer. You should promptly notify your cyber insurer and all other liability and first-party insurers of the ransomware attack. Your cyber insurance may not provide all the coverage; thus, notification to non-cyber liability policies such as liability, crime, and property policies is necessary. Delaying notice to insurers may result in the insurers arguing that notice was late and declining coverage for a claim that otherwise could have been covered.
  • Secure consent from the insurer to pay the ransom. Extortion coverage often requires you to ask for written permission from the insurer before agreeing to pay the ransom. Without advance consent, insurers may refuse to reimburse you for payments.
  • Be mindful of cooperation. Insurance carriers constantly assert that cyber policies require you to cooperate with them. Their outside counsel will say that this requires the insured to do whatever the insurance carrier asks for, whether it is information relevant to the claim or information that will only help deny coverage. Insurance carriers want you to coordinate with them and relevant authorities, provide updated claim information upon request, and work cooperatively to resolve the event and third-party liabilities.
  • Think about “silent cyber.” Consider whether other insurance policies such as kidnap, ransom and extortion, crime, or property insurance policies could provide coverage for losses resulting from ransomware or cyber extortion. “Silent cyber” is the idea that other insurance policies, which are not sold as “cyber insurance,” can provide coverage for cyber risks, including ransomware and cyber extortion. Some cases show that other policies offer coverage for ransomware-related losses. Other policies could help provide coverage if your cyber program’s limits are insufficient or even to fill in the amount of a sizable retention in your cyber program.
  • Pay attention to a “reservation of rights.” A reservation of rights is a letter from the insurance company admitting that coverage is implicated by the event while purporting to “reserve” the “right” to deny coverage later. Sometimes, reservation of rights letters are flat wrong. Maybe the carrier misunderstood the facts, the policy language, or the relevant coverage law. Either way, you need to pay attention to reservation of rights letters and correct carrier misstatements.

Increasing Your Cyber Security Posture

We have security professionals ready to assist you if you need help reviewing your cyber security insurance or increasing your overall security posture. Reducing the risk of an incident occurring will ultimately save you time and money. Reach out to us today to learn the ways we can help you.

6 Best Practices to Evaluate Cyber Insurance

Why Do I Need Cyber Insurance?

Cyber attacks threaten every business daily, and hackers’ demands are rising. Per the National Security Institute, “the average fee requested for a ransom was $5,000 in 2018, but it increased to around $200,000 in 2020.” Can your business survive paying a ransom demand and the potential impact on your operations and customers? Cyber insurance can help protect you from the fallout of cyberattacks and hacking threats. It can also help minimize business disruption and potentially cover the financial cost of the attack and recovery.

Do I need both Ransomware and Cyber Extortion Coverage?

As with any insurance policy, reading the fine print is essential. Cyber insurance policies may not cover both ransomware and cyber extortion. What’s the difference? 

Ransomware – hackers use malicious software to gain access to your company’s computer systems or files and block user access. Cybercriminals hold the data hostage until they receive a ransom payment for the encryption key. The attacker typically demands a cryptocurrency such as bitcoin as payment.

Early ransomware attacks demanded a ransom to unlock the data or a device. Hackers, however, often initiate “double extortion” attacks that require a ransom to both retrieve and prevent the publication of the data.

Cyber Extortion – in a cyber-extortion attack, the bad actors steal data, then tell the victim company what they stole. They nearly always provide a virtual “proof of life,” such as a picture of a file tree showing which parts of the network were infiltrated, and might share a sample file. Then, they will demand payment to take the data offline, promising to destroy it.

What should I look for in a Policy?

Cyber insurance varies significantly among different carriers, and the cost will depend upon a combination of the coverage and your current security posture. When comparing policies, below are six best practices to evaluate insurance.

  1. Pay close attention to the application. Under many cyber policies, the insured represents and acknowledges to the insurer that the statements and information in the insured’s application are true, accurate, and material to the insurer’s agreement to accept the risk. The insured’s completed application might become part of the contractual terms between the insured and the insurer. Insurance carriers might assume that the policy provides it is void if the application contains a misrepresentation or omission material to the insurer’s acceptance of risk, even if the omission or misrepresentation was accidental.
  2. Look for a coverage section called “cyber extortion” or “ransomware,” and make sure your organization buys that coverage. That coverage often includes the cost of paying a ransom and sometimes includes the costs of investigating the cause and origin of the attack, as well as remediating it. Not every policy has this coverage written into the policy explicitly. If the policy is offered “cafeteria-style” – meaning the buyer must pick and choose the coverage to purchase – it is crucial to ensure the organization buys cyber extortion and ransomware coverage.
  3. Look for a coverage section called “business interruption” or “business income and extra expense.” This type of coverage section is often similar to a first-party property insurance policy’s coverage. It provides coverage for lost income and extra expenses from ransomware taking networks offline.
  4. Look for a coverage section called “network security liability.” This type of coverage will often cover the costs of defending and indemnifying third-party liability claims from customers or other third parties due to the failure of network security (often how ransomware and cyber extortion events occur).
  5. Consider the potential impact of any so-called “war” exclusion, particularly in light of recent world events. War exclusions have become the subject of debate regarding cyberattacks and insurance, with some current and significant coverage litigation disputing whether a “war exclusion” applied to NotPetya (a form of malware that looked just like ransomware). Some carriers have left their “war exclusions” alone; others have added significant verbiage to their exclusions. Changes to war exclusions could have a substantial impact on coverage.
  6. Avoid sub-limits and co-insurance. Some insurance policies set a lower coverage limit for cyber extortion and ransomware attacks. For example, a $10 million limit cyber policy may provide only $5 million for cyber extortion. Those seeking insurance should consider whether a proposed sub-limit amount is sufficient to cover a possible ransomware attack. Policies might also include co-insurance, a provision that carriers say requires the insured to match, dollar for dollar, amounts that the insurance carrier pays for ransom or extortion. Certain insurers continue to provide a full limit of liability for ransomware and cyber extortion.

How We Can Help

The best way to reduce your cyber insurance costs is to increase your security posture and ensure your policy will pay if an attack occurs. If you need help, contact us to talk with one of our security experts to reduce and mitigate an attack and save you money on your cyber insurance.