What to Know About Cyber Insurance Claims

The Cyber Insurance Industry is well on its way to becoming a 20-billion-dollar industry. The weekly news regarding ransomware, cybercrime and cyberattack reports, identity fraud, and data breaches drives this growth.

If you have not been a victim in your personal or business life, you know someone who has. A 2020 study showed that data breaches and related incidences comprised 73% of insurance claims between 2013 and 2019. Headline news would support that trend continuing into 2023. One of the most common cybersecurity phrases has become “not if but when” regarding businesses becoming victims. However, relying on insurance isn’t your only responsibility in protecting your business.

Let’s dig in.

Insurance is purchased to protect your business from losses in an attack. Those losses often include significant legal fees, which your policy may assist you in covering. Additionally, many policies provide help in breach notifications and crisis services, and some will provide funds to compensate you for loss of productivity or clients.

But here are some interesting facts:

• Many businesses, between 45 – 80%, need more insurance to help them in the event of an incident.
• Approximately 25% of claims had policy exclusions that prevented payout. Often companies were unaware of those exclusions.
• SMEs represent the largest claim category, even though small business owners often feel they are not at risk. New and rapidly growing businesses are being targeted as criminals become aware of gaps in their preparedness.
• As cybercrime has escalated, so have claims – in 2022, there was a 100% increase.

After reviewing the above, it’s understandable that standard policies for breaches cover response, investigations, and monitoring services. However, companies must understand the difference between first-party coverage (things affecting your business like interruption and recovery) and third-party coverage (covering things like fines and media).

A risk assessment is warranted if you don’t have insurance or haven’t reviewed your policy recently. A large percentage of organizations move ahead with cyber insurance or make adjustments to policies after a risk assessment. This process can also help you understand holes in your security processes that may result in overpaying claims.

According to industry insiders, carriers expect, at a minimum, the following from your organization:

• Multifactor authentication
• Endpoint detection and response
• Patch management
• Identity and access management
• Secure backup procedure

Risk assessments can help your team identify if you’ve taken the proper steps concerning the above to be confident that your policy will pay out.

If you are a rapidly growing SME without an IT team or a cyber security expert on that team, partnering with an organization like Reclamere can be your answer.

Reclamere’s FREE 30-minute consultation with our virtual Chief Security Officer is a great place to start. The consensus is businesses need cybersecurity insurance, but it’s more than a simple signature and initial check that gives you peace of mind. Your leadership team must fully understand the type of coverage and exclusions and feel confident that exclusions will be avoided by proper internal management.

You don’t have to make these decisions alone; contact us to expand your resources.