Examining cyber risks and coverage options
A new report from RIMS shares some insights on cyber insurance and handling the resulting claims from an event.
Cyber risks are constantly changing as bad actors develop new ways to use malware, phishing schemes, distributed denial of service attacks and other applications to cause disruptions and capture information from computer systems worldwide. Their goal can be obtaining money through ransom, seizing intellectual property or proprietary information, or causing damage to infrastructure and physical property. No entity is immune to these risks, which means the number of claims will only increase.
Related: 5 takeaways from recent cybersecurity developments by Colorado & the SEC
Keys to managing cyber claims
A new report from RIMS provides insights for risk professionals tasked with managing their organization’s cyber risks. “A Guide to Cyber Insurance” finds that “while cyber risk management policies are necessary for every organization, reducing a category of risk to zero is impossible. Cyber insurance can help cover the gaps between a robust risk management program and any remaining risks.”
When a breach occurs, a company should notify the insurer as soon as possible. Adjusters should be aware that a company’s electronic data is particularly vulnerable and it is easy for critical evidence to be lost. Notice of the breach should be reported within the carrier’s predetermined time frame in the policy to ensure coverage.
Because a policyholder is dealing with a multitude of issues following a breach, the report says some companies may engage coverage counsel if they lack the internal expertise needed to address the situation.
After a claim is filed, an insured may be required to provide the insurer with copies of legal papers and authorization to obtain any records or other information that could be pertinent to a lawsuit or to enforce the insurer’s rights if a third party is actually responsible for the breach.
The report goes on to say that, “a breach of duty to cooperate can operate to relieve the insurer of liability under the policy. Many courts have softened this rule by requiring the insurer to demonstrate prejudice as a result of the breach.” However, policyholders are encouraged to respond quickly to avoid providing insurers with a reason to deny coverage of a cyber event.
When requesting access to records and other information, an insurer must show the request is material to the investigation of the claim. Insureds should ask the insurer whether data that is sensitive or proprietary is critical to the investigation to ensure it fully complies with its responsibilities under the policy.
Related: New cyber regs make SignOn Once imperative in insurance
Calculating the loss
The policyholder must submit supporting evidence to prove the value of the loss. Preparing the data may include the use of a forensic accountant to determine how the loss affected a company’s operation, experts to help the company comply with federal and state notification regulations, and other specialists to handle various outcomes of the cyber event.
According to the report, “The organization should be meticulous in preparing its proof of loss, as it can limit the right to recovery if the submission undervalues the loss or if it is not substantiated by the evidence.” In the addition, the report advises that “coverage counsel should review the form from a coverage perspective, and economic consultants should assist in its preparation or review the form before submission to ensure that the proof of loss accurately reflects the full scope of the loss.”
The report was authored by four members of the law firm Bradley Arant Boult Cummings: Dylan C. Black, A. Kate Margolis, G. Benjamin Milam and Emily M. Ruzic.
Patricia L. Harman is editor-in-chief of Claims magazine. Contact her at pharman@alm.com.