Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Edge Ask The Experts

9/23/2019
01:30 PM
Edge Editors
Edge Editors
Ask the Experts
50%
50%

How Can I Ensure Cyber Insurers Will Pay My Claim?

To get the best out of your policy, do more than just sign on the dotted line.

Question: I bought cyber insurance, but I still worry. If I experience a breach or other security incident, how will the cyber insurance company be likely to weasel out of paying my claim? 

Jeff Wichman, practice director, enterprise incident management at Optiv: In most cases, your cyber insurance company isn’t going to weasel out of paying a claim. My advice is to be prepared! 

Your provider is going to have a specific process/requirement for engaging with them and outside resources for an incident. Follow that process, and take these steps to be better prepared: 

  • Validate with your provider that your preferred partner is approved as either an on-panel or off-panel firm you can work with.
  • Update your incident response plan to include when and how to engage with your claim process. Now is the time to start building that into your documents.
  • Test, test, test your incident response processes using an applicable scenario-based exercise with your trusted third party. This can help you identify gaps in your efforts.

Do you have questions you'd like answered? Send them to [email protected].

Related Content:

 

The Edge is Dark Reading's home for features, threat data and in-depth perspectives on cybersecurity. View Full Bio

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
renglish98
50%
50%
renglish98,
User Rank: Apprentice
9/26/2019 | 9:21:25 AM
Cyber Insurance claim
The answer is not as striaghtforward as one would think. After notPetya, several firms had to sue their insurers who refused to pay the cyber claim as they argued that it was a state-sponsored attack and exempted via a force majeur clause.

Similarly, customers need to be constantly patching and remediating vulnerabiliies to demonstrate they are performing 'due care' and not unreasonably exposing their firm to cyber risk, which could be a claim denial justification.
   OVER THE EDGE
Building Cybersecurity Strategies in Sub-Saharan Africa

Filmed for Dark Reading News Desk at Black Hat Virtual.

LAURA TICH: We have that imbalance, where the big organizations are more protected, where the smaller ones -- which are the most common businesses in the region -- they are least protected... Sometimes they do get the tools, they do get the funding to buy some critical tools, but there's a lack of skills to handle or people who understand how to work those tools. So there are a lot of factors that contribute to our growth -- or lack thereof -- in the cybersecurity industry.

 

Name That Toon: Tough Times, Tough Measures
Latest Comment: Wear a mask, please!
Flash Poll