Steps you can take to get the most out of your coverage
Unfortunately, your business is one of the 66% of organizations hit by a ransomware attack during the past year. Luckily, you have cyber insurance in place; however, knowing the steps to take if a cyberattack occurs is critical to ensure you get the most out of your coverage.
Best practices in the event of a ransomware attack or cyber extortion
- Provide immediate notice to the insurer. You should promptly notify your cyber insurer and all other liability and first-party insurers of the ransomware attack. Your cyber insurance may not provide all the coverage; thus, notification to non-cyber liability policies such as liability, crime, and property policies is necessary. Delaying notice to insurers may result in the insurers arguing that notice was late and declining coverage for a claim that otherwise could have been covered.
- Secure consent from the insurer to pay the ransom. Extortion coverage often requires you to ask for written permission from the insurer before agreeing to pay the ransom. Without advanced consent, insurers may refuse to reimburse you for payments.
- Be mindful of cooperation. Insurance carriers constantly assert that cyber policies require you to cooperate with them. Their outside counsel will say that this requires the insured to do whatever the insurance carrier asks for, whether it is information relevant to the claim or information that only will help deny coverage. Insurance carriers want you to coordinate with them and relevant authorities, provide updated claim information upon request and work cooperatively to resolve the event and third-party liabilities.
- Think about “silent cyber.” Consider whether other insurance policies such as kidnap, ransom and extortion, crime, or property insurance policies could provide coverage for losses resulting from ransomware or cyber extortion. “Silent cyber” is the idea that other insurance policies, which are not sold as “cyber insurance,” can provide coverage for cyber risks, including ransomware and cyber extortion. Some cases show that other policies offer coverage for ransomware-related losses. Other policies could help provide coverage if your cyber program’s limits are insufficient or even to fill in the amount of a sizable retention in your cyber program.
- Pay attention to a “reservation of rights.” A reservation of rights is a letter from the insurance company admitting that coverage is implicated by the event while purporting to “reserve” the “right” to deny coverage later. Sometimes, reservation of rights letters are flat wrong. Maybe the carrier misunderstood the facts, the policy language, or the relevant coverage law. Either way, you need to pay attention to the reservation of rights letters and correct carrier misstatements.
Increasing Your Cyber Security Posture
We have security professionals ready to assist you if you need help reviewing your cyber security insurance or increasing your overall security posture. Reducing the risk of an incident occurring will ultimately save you time and money. Reach out to us today to learn the ways we can help you.