An Illinois manufacturing company put in a cyber insurance claim after a 2022 data breach. Their claim was denied because their insurer found that they failed to use Multi-Factor Authentication (MFA) across all digital assets, which they had agreed to do in their policy. Smart businesses like yours are adding cyber insurance to their policies because they know this can help reduce business risk. But with cyber insurance premiums steadily increasing—rising 62% last year alone—you want to make sure your claim is paid when you need it most.
Denials usually result from an accidental but fatal misrepresentation or omission by the business, or from simply not letting the insurer know about changes in its security practices. There are simple steps you can take to prevent a claim-denial doomsday:
- Find a good broker that will help you understand your policy.
Insurance policy documents are difficult to understand, and there are several parts you MUST understand, including: the deck pages (the first pages that talk about your deductible, total costs, and the limits of liability), the insuring agreements (a list of all the promises the insurance company is making to you), and the conditions (what you are promising to do). Find a broker that will talk you through these in great detail. If your broker will not get into this detail, find another broker. Call us if you need a referral to a quality cyber broker.
- Understand the conditions.
Insurance companies are happy to write a check if you’re breached if and only if you make certain promises. These promises are called the conditions of the contract. Today, insurance companies expect you to promise things like using MFA and password managers, making regular data backups, and hosting phishing simulation and cybersecurity awareness training with your employees.
- Make good on the promises.
If you’ve ever filled out a homeowners insurance application, you know you’ll get a nifty discount on your premium if you have a security alarm. If you don’t have one, you might tick “Yes,” with good intentions to call ADT or TELUS to schedule an installation. You enjoy your cheaper premium but are busy and forget to install the alarm (nobody comes around to check anyway). Then, your home gets broken into. This happens all the time in cyber insurance. Businesses promise to use MFA or host training but don’t enforce it.
- Don’t assume the right hand knows what the left hand is doing.
Regularly review your policy and have an open and transparent line of communication with your IT department or outsourced IT provider so they can help you keep those promises.
Cyber insurance is a valuable tool for minimizing the risks of cyberattacks. Always be honest and accurate in your policy questionnaire and follow the best practices and recommendations of your IT provider as well as your insurer. Doing what you say you do is not only ethical, but also essential for coverage.
Reach out to us at IT Radix anytime to discuss this and other ways to minimize your cybersecurity risks.
First published in our February 2024 IT Radix Resource newsletter