Like the rest of the world, cyber insurance companies are reeling from the sheer volume and intensity of cyber attacks taking place every minute of every day. Providers have increased their requirements and raised costs. Cyber insurance claim denial has also risen. Here are some of the common reasons for cyber insurance claim denials.
Top Cyber Insurance Claim Denial Reasons
Lack of Preventive Security Measures
Your cyber insurance claim may not be paid if the insurance provider shows you didn’t take precautions to prevent the attack. Without these defenses, your company is a sitting duck for a cyber-attack. To obtain a policy you will typically need to affirm that you have the insurance company’s mandated provisions in place. If you don’t have these measures, or fail to maintain them, your claim will be denied.
One of my personal pet peeves is companies that happily shell out thousands of dollars for cyber insurance, but at the same time skimp on purchasing even basic cyber security protections. It just doesn’t make sense. An insurance policy can mitigate the impact of a cyber event, but preventing an attack should always be the priority.
Poor Cyber Insurance Claim Documentation
If a breach happens, your insurance provider is not simply going to hand you a check. They will conduct an investigation to determine what happened and what caused the breach. Your insurer will want to see tangible evidence that you did your best to protect your network and systems. This means they will want documentation of the preventative measures you have undertaken to ward off cyberthreats. To avoid any hassles, you need to have thorough, accurate and updated documentation at all times.
Accidental Errors or Omissions
Making false statements on the insurance application can lead to your being denied coverage in the event of an attack. This is true even if the mistake is unintentional.
Many business executives are signing (verifying) that they have policies and protections in place, such as 2FA, a strength of password requirement, employee awareness training and data recovery and backups. The insurance application is usually a yes or no answer, with no room for explanation. For example, I recently heard of a company that checked “yes” to the question of do you have MFA. Upon investigation of their claim, the insurance company found a legacy server that didn’t have MFA. Even though everything else did, the claim was denied.
Policy Exclusions
Read the fine print. Your cyber insurance policy will include a list of exclusions, which are basically things it doesn’t cover. For example, a war and terrorism exclusion would mean you might not be covered if the cyber attack is perpetrated by a nation-state or terrorist organization.
Avoiding Cyber Insurance Claim Denial
If you have cyber liability or similar insurance policies in place, make sure you understand the policy in detail. Your insurance agent or broker should be willing to assist you with this process. I also recommend checking with your IT provider to confirm they have implemented the security standards, protocols and protections you agreed to and verified having in place when you applied for coverage. If you have questions about cyber security, or would like a free risk assessment, click here to schedule a phone consultation.
Feedback
If you have questions about this article, or if there is an IT topic you would like to know more about please email me your suggestions.
Referral$
If you know of a company that would be interested in the services of Invario, please email me the company name along with the phone number and email for the person we should contact.
That is all you have to do! Upon completion of the onboarding of a new customer, Invario will pay the equivalent of one month of Invario service to that customer. Recipients that cannot or do not wish to receive a referral payment may elect to have the referral fee donated to a charity of their choice or put into a company entertainment fund.