Read time: 3 minutes
Cyber insurance claims have grown significantly in recent years, driven in large part by the sharp increase in ransomware attacks, privacy and data breaches, and other cyber threats. At the same time, cyber insurance premiums have increased and underwriters have tightened standards, making it more difficult for companies to obtain adequate coverage. While it is very important to focus on terms and conditions as well as pricing when choosing an insurer and an insurance policy, it is critical to focus on the insurance application itself, which can be complex, lengthy and detailed. Here are three key tips to make the process more manageable.
Preventing an attack
Leave plenty of time to complete application
Whether you are applying for coverage for the first time or renewing existing coverage, start the application early and be prepared for a time-consuming process. Cyber insurance application forms have become quite lengthy in recent years, and insurers have begun to ask many detailed and substantive questions. Many companies are expected to make presentations to and field follow-up questions from underwriters. Starting as early as possible gives you time to prepare and follow up with the relevant personnel in your organization on questions you may not have the answers to.
Marshall resource team to tackle questions
Before beginning the application process, be sure to consult with your organization’s IT management team to collect the information needed to answer the questions on the application. Work with the IT management team to get a clear and complete picture of the structure and security protocols in, and data on, your organization’s network. Some of the questions on the application will call for your organization’s technical IT information and IT management teams to respond, and others may require information on claim history, anticipated activities such as changes to security measures, employee security education, whether the applicant collects or transmits personally identifiable information, and compliance with industry data security standards. However, do not simply delegate the task of filling out the insurance application to the IT department. It is critical to have the internal legal and risk management teams review the application and get involved early in the application process and for coverage counsel to review the information as well.
Avoid misstatements that might block future coverage
An important fact to know while filling out your cyber insurance application is that insurance applications are certain to be revisited by insurer claims counsel in the event of a claim and also may be discoverable in any potential future litigation. Therefore, it is imperative that you fill out the application carefully and truthfully, to the best of your knowledge. Misstatements in insurance applications, even inadvertent ones, may lead to serious legal consequences. In recent years, allegations that the policyholder answered application questions incorrectly or incompletely have become a standard defense for insurers against claims for coverage, especially in circumstances involving potential security lapses. Different policies and applications, as well as case law in different jurisdictions, may provide for how misrepresentations or omissions in an insurance application impact potential coverage for a claim. Some may provide that the claim is excluded, but in some cases, the insurer may have the right to attempt to rescind the policy. Different policies and jurisdictions also may indicate whose knowledge may be imputed to the company, among other issues. Experienced coverage counsel can assist in identifying risks associated with the application process and evaluating questions raised or issues asserted by insurers in the event of a claim.