Don’t invalidate Your Cyber Insurance

Don’t invalidate Your Cyber Insurance

April 11, 2018 Business Insurance and Risk Management, The Beacon Blog 0 Comments

All insurance policies require the policyholder to take reasonable care to reduce risk. Failure to comply with policy terms can result in claim denial, non-renewal or cancellation.

Cyber insurance is no different, but because policies are complex businesses and their employees may be unaware that workplace practices are not in compliance with policy conditions. Based on a recent article by Kirsten bay, president and CEO of Cyber adAPT, here are some considerations.

Data breach is a constant threat, and insurers want to know that data is properly protected. Employees need to communicate with their systems administrator how they collect, use and share data. The administrator should know whether this activity is covered by the firm’s Cyber policy, and if not take steps to change company procedures. Employees should inform the administrator if they are automating or digitalizing processes, as this may increase cybersecurity risks.

If data is stored in the cloud, the policy must be checked to be sure it is covered unless the cloud provider assumes liability in the service agreement.

The use of mobile devices to access business networks is becoming more common. These devices may belong to the business or to employees, and they may not have the same degree of protection. Cyber policies may not cover mobile devices, or exclude coverage for unencrypted devices.

Cyber policies which cover extortion or ransomware have specific notification requirements and coverage can be voided if employees pay a ransom without notifying the insurer. Some policies include a confidentiality agreement voiding coverage if its existence is improperly disclosed.

As part of a company’s internal policies and procedures, employees must be informed of how to respond to a cyber incident. This should include training to see how they would respond in practice. Businesses must improve their security measures and systems to keep up with developments. Firewall based systems are obsolete and detection-based security systems are current best practice. Insurers can provide technical advice on cybersecurity issues.

About the Author

Harry Cylinder

Harry Cylinder, CPCU, ARM has spent nearly fifty years in the insurance industry, the majority of the time as a consultant. He has been employed by The Beacon Group of Companies since 2008, specializing in the review and analysis of property and casualty coverage forms. Mr. Cylinder has been reviewing policy forms as they have evolved over the past decades. In 2008 he published an article in the CPCU Journal which was the first description of cyber insurance coverage for a general insurance audience. Since that time he has regularly written on cyber and other topics for The Beacon Companies’ blog.