The Risk of Cyber Risk Insurance

The Word Is Getting Out

Not having some sort of cyber risk insurance in today’s world is like not having flood insurance if you live in an area prone to hurricanes. The key is to understand the terms of your policy and to use Cyber Insurance Manager to ensure that you remain in compliance with those terms.

Here are some news articles that underscore the hidden risks associated with cyber risk insurance.

What Does Cyberinsurance Actually Cover?

After the National Bank of Blacksburg in Virginia suffered two data breaches—one in 2016 and one in 2017—executives must have been pleased that they had planned ahead and purchased cyber insurance to cover exactly these types of incidents.
So it came as a shock to the bank when its insurer, Everest National Insurance Co., ultimately refused to pay out a significant portion of the bank’s claimed losses of $2.4 million, offering instead only $50,000 on the grounds that the breaches were not covered by National Bank’s computer and electronic crime insurance rider. In June, National Bank sued Everest for breach of contract and a larger portion of the breach costs in a lawsuit that highlights just how nebulous and unhelpful cyber insurance policies can be, as well as how little the companies purchasing those policies typically understand about their coverage.

Businesses Are Finding Out That Cyber Insurance Coverage Might Not Be What They Thought

Given the growing prevalence of data breaches, cyber attacks and network security failures, it’s perhaps no surprise that businesses of all sizes are exploring their options when it comes to cyber insurance coverage. But are these policies really going to cover them in the event of real cyber attacks? Evidence is building that many of these cyber insurance policies might be close to worthless, as insurance companies look for any excuse possible to avoid paying out the full amount of a claim.

Avoiding The Most Common Cyber Insurance Claim Denials

When it comes to cyber security and insurance, companies have been vocally concerned over finding themselves losing twice – the victim of both a cyber breach and cyber insurance claim declination. First they experience a security event which results in significant damages, then they discover their insurance policy will not respond. From hidden language, to sub-limits, we explore some of the more significant cases and areas in which carriers are declining coverage (or expected to decline coverage) and how to avoid them.

That is where we come in. Cyber Insurance Manager for Cyber Liability Insurance combines automated scanning, manual input, with machine-based auditing to produce verification reports for specific insurance carriers and demonstrate due diligence on an on-going basis.

Proving that you are providing “due care” for your network data is the only way to guarantee a payout.

Big Companies Thought Insurance Covered a Cyberattack. They May Be Wrong.

LONDON — Within days of a cyberattack, warehouses of the snack foods company Mondelez International filled with a backlog of Oreo cookies and Ritz crackers.

Mondelez, owner of dozens of well-known food brands like Cadbury chocolate and Philadelphia cream cheese, was one of the hundreds of companies struck by the so-called NotPetya cyberstrike in 2017. Laptops froze suddenly as Mondelez employees worked at their desks. Email was unavailable, as was access to files on the corporate network. Logistics software that orchestrates deliveries and tracks invoices crashed.

Even with teams working around the clock, it was weeks before Mondelez recovered. Once the lost orders were tallied and the computer equipment was replaced, its financial hit was more than $100 million, according to court documents.

After the ordeal, executives at the company took some solace in knowing that insurance would help cover the costs. Or so they thought.

Mondelez’s insurer, Zurich Insurance, said it would not be sending a reimbursement check. It cited a common, but rarely used, clause in insurance contracts: the “war exclusion,” which protects insurers from being saddled with costs related to damage from war.

Mondelez was deemed collateral damage in a cyberwar.

What You Need to Know About Cyber Liability Insurance

Because cyber liability coverage is still a relatively new product in the insurance world, policies between insurance providers can vary greatly as can deductibles and monthly premiums. Consequently, there may be room for negotiation. But make sure you have reviewed the application with your IT folks and have an understanding of any exclusion of coverage issues in the actual policy. As noted below, a business could have insurance but no coverage for a claim made under the policy.