Cybersecurity Insurance: What Happens if You Fall Victim to a Breach?
With all the pandemic has brought with it, the climate has never been more ideal for the cyber criminal. Most of us are working from home via the internet. We’re also buying more—even household essentials—online. During the holiday season, online purchases will likely push virtual sales to new limits, making it open season for hackers.
Cyber Insurance is one means of protecting yourself from an unwanted event, but, unfortunately, it can’t prevent a cybersecurity breach. As the number of ransomware and compromised email events escalates, your Oswald team stands by you long after you’ve purchased a Cyber policy. Should you fall victim to a cyber crime, Oswald is prepared to advocate for you and oversee the response process during this incredibly stressful time.
Coordinating a Response Plan
Following an event, insurance coverage isn’t always at the forefront as resources are deployed to restore operations. Given the financial implications of this risk, it’s important to understand how the insurance and claims process works so you can maximize your coverage.
If you fall victim to a Ransomware attack and have a Cyber policy in place, the following tips will assist with the claims process:
- Refrain from using business email accounts as the threat actor could be monitoring emails. Avoid disclosing private discussions about your response and the availability of insurance proceeds as it will drive up ransom demands if the threat actor has email access. Instead:
  - Create temporary email accounts, using Gmail or a similar provider that can be later deleted, or
  - Use personal email for all employees involved in discussing the matter and for correspondence with the attorneys and the insurance company.
- Contact the local FBI or file an IC3 report here.
  - This is a carrier requirement in most instances.
  - The FBI often has useful information on the threat actor.
  - You need to be sure you’re not negotiating with a terrorist group.
- Direct IT to disconnect all devices from the public internet.
- Know how your policy works with respect to coverage:
  - Most policies require the insured to use carrier-approved third-party service providers for Legal (Breach Coach) and IT Forensics.
  - Engage a Breach Coach for legal consultation on any actual or suspected privacy event (unauthorized access to Personally Identifiable Information (PII)) to determine whether the event triggers notification to affected individuals and/or a regulatory agency. Failure to comply with Breach Notification laws can result in the assessment of fines and penalties. It’s common to think of a privacy breach only in terms of unauthorized system access without realizing the broader scope. For example, theft of a company laptop or copying/scanning records on a copy machine that stores information (that isn’t deleted) also triggers a Cyber policy. In both these examples, your policy provides a Breach Coach to assist you in investigating whether PII was accessed. A Breach Coach will also advise you if notification under relevant laws or regulations is required.
- Refrain from attempting immediate data restoration to allow for a forensic investigation.
  - Too often, insureds restore operations before notifying the carrier. This eliminates the opportunity for either a forensic investigation or coverage for the cost of a forensic investigation conducted by a vendor who falls outside the carrier’s approved service provider listing.
- Involve your IT representative, whether in-house or a third-party service provider, as they have the technical knowledge to effectively communicate with the carrier and IT Forensics.
- Check your policy for an after-hours hotline number that provides 24/7 reporting and response services in the event you are subject to an attack outside normal business hours. Have your policy number handy.
- Inquire about the resources that are available through your policy. Many policies offer a free initial consultation call with a Breach Coach. Many also provide access to pre-breach and risk management services to help mitigate risk before an incident occurs.
Employers Beware: Fraudulent Unemployment Claims
Similar to many other states, Illinois and Ohio are experiencing an increase in fraudulent unemployment claims. As an employer, be sure to confirm the validity of state unemployment notices before you respond.
We have experienced situations where our clients are receiving fraudulent notices of unemployment claims. Filing for unemployment benefits requires disclosure of sensitive information by the applicant, so employers will want to investigate whether the fraudulent claim originated on their end as the result of unauthorized access.
If you believe fraud is involved, contact Oswald for consultation. Breach Response Services are included in cyber policies and can assist you in navigating through this type of situation. These policies often cover the cost of investigating a suspected data or security breach by a carrier-approved IT Forensics firm.
Cybersecurity threats are an ever-increasing concern. A greater need for insurance products and the support of claims professionals goes along with this unfortunate trend.
Oswald has dedicated claims professionals on staff with the expertise needed to help our clients respond to an attack. Our claims team keeps current on the latest trends, knows the coverage and resources available behind the applicable policy, and can identify the claims handling needs associated with the coverage. In the event of the unthinkable, having a Cyber policy with a dedicated support team behind it means you won’t have to pick up the pieces alone.
Contact me directly for more information and stay one step ahead of a cybersecurity event.
Senior Claims Consultant
Note: This communication is for informational purposes only. Although every reasonable effort is made to present current and accurate information, Oswald makes no guarantees of any kind and cannot be held liable for any outdated or incorrect information.