[Webinar Recap] Use Risk Management and Insurance to Protect Your Company from Cybercrime
Union Risk Advisors hosted a panel discussion with Peter Halprin, Partner in the Insurance Recovery Practice Group at Haynes Boone; Valentino Papa, Client Executive of RCM&D; and Lacy Rex, Cyber Practice Leader for Oswald Companies.
Watch the full webinar to learn more about the latest cyber trends and how to prepare your organization here. Passcode: cybercrime24!
This session focused on how insurance and risk management can play a key role in minimizing the impact of a cybercrime and protecting an organization’s bottom line. The panelists emphasized that insurers must be familiar with the intricacies of their policies, explicitly state exclusions in coverage and use clear and concise language to avoid claim disputes and gaps in coverage.
Additional topics discussed during the session include:
The State of the Cyber Insurance Market
The cyber market has seen a lot of volatility over the last few years, but is beginning to stabilize and become more buyer-friendly. While we are seeing a significant increase in cyberattack attempts, organizations are becoming increasingly equipped to prepare for and respond to these attempts.
Panelists mentioned that systemic risk and aggregation will continue to determine the market outlook for the future. It is crucial to have cybersecurity controls in place and constantly look for areas for improvement to protect your organizations.
Cyber Business Interruption Claims
Panelists explained the difference between cyber business interruption coverage and contingent business interruption and whether damages resulting from a cyber-incident would actually be covered.
Our panelists were clear that ransomware coverage is the most commonly disputed, including the coverage time and dollar amount. Therefore, it is important that organizations obtain a full understanding of their policy limits to ensure there are no coverage gaps.
“War” Exclusion
Panelists covered a recent case study of Merck & Co., explaining how the organization incurred an estimated $1.4 billion in losses from the NotPetya cyberattack. The case involved exclusions on the insurance policy, due to the Russia and Ukraine conflict at hand. The verdict ruled that the war exclusion did not explicitly list “cyber” and therefore was not applicable. The ruling ended in a settlement, and the policy holders dropped the case.
Panelists emphasized that traditional war exclusions are unlikely to include cyberattacks, therefore insurers must review all exclusions and use clear language in the policy.
Privacy Regulatory Risks
The panelists defined BIPA (Biometric Information Privacy Act) and highlighted a popular question – do general liability policies provide coverage for BIPA and similar risks? It was mentioned that insurers are trying to limit their coverage on general liability policies and other coverage that is similar. This catch-all is leaving many questions for policy holders and legal teams.
The SEC New Cyber Disclosure Rules
The SEC is attempting to mandate disclosure rules in which companies will need to share information about cyber-attacks. The panelists stressed that you should ensure your organization is covered and has a plan to address all disclosures. All cybersecurity, legal and accounting personnel as well as critical business leaders should be aware.
Access the full webinar here to learn more about the importance of risk management and insurance in the cyber industry. Passcode: cybercrime24!