Cyber insurance claims


No single insurance policy can or will cover the swarm of difficulties and costs that arise after a large-scale cyber breach. Nevertheless, cyber insurance is vital, and other kinds of policies (such as kidnap, ransom and extortion coverage) may cover various stages of the breach response, such as paying for forensic analysts and lawyers, but only if the policyholder understands them well. Understanding this list of 12 can be a first step to getting the most out of your policy in the event your entity is victimized by cybercrime.

1. Cyber insurance is vital. Cyberattacks are on the rise, and many property/business interruption policies do not cover the policyholder for system downtime due to cyberattacks.

2. Check your kidnap, ransom and extortion (KRE) policies. They may cover ransomware attacks (although this is becoming less common).

3. Cyber and KRE policies may cover the costs of independent forensic analysts, independent consultants, lawyers and others, either expressly or as loss mitigation. Importantly, many policies have pre-approved vendors and counsel that must be used, or require insurer consent before retaining any vendors or counsel.

4. Policies may cover publicity costs, particularly because reputational harm may be one of the largest damages to a corporation following a cyberattack.

“A steadily growing list of victimized companies have reported that other costs associated with an attack … [including] damage to company brand reputation … make the cost of the ransom look trivial. … According to the Tech Transformers, ransomware attacks cost smaller companies an average of $713,000 per incident, a combination of the expense of downtime and lost business due to reputational harm,” said James R. Slaby, an executive with cybersecurity firm Acronis. See “Understanding the true, hidden costs of ransomware attacks on the business: Paying the ransom is just the tip of the iceberg” on the company’s website.

5. Be aware of your coverage for notification costs. Your policy may or may not cover the costs of notifying those impacted by a data breach—even if those disclosures are required by law.

6. Check your retroactive dates. The average cyberattack takes 287 days from the day of the breach until detection. It is important to have coverage that pre-dates the inception of the policy to cover those events where the breach occurred prior to the start of the policy, but was not discovered until weeks or months later. See Josh Moore, “Top 10 List of Cybersecurity Facts for 2022”.

Key takeaways
  • Knowing exactly what your cyber and KRE policies do cover is important.
  • For coverage to work, claimants often must do things the insurer’s way, including in the choice of vendors and forensic analysis.