Cyber Insurance Part 2: The impact of a denial of a cyber claim
A claim denial can derail a business’ strategy to recover the costs incurred following a security incident. Here are two instances when businesses were denied payouts:
The Peculiar Case of the NotPetya Attacks1
Researchers at the Cyentia Institute reviewed the 100 largest cybersecurity incidents over the last five years, which accounted for $18 billion in losses, and discovered that the NotPetya ransomware accounted for 20% of those losses. Despite that, the pharmaceutical giant Merck and multinational food company Mondelez International are still in the process of claiming $1.3 billion and $100 million respectively through high-profile lawsuits. In both proceedings, the insurers cited the “war and terrorism” exclusion to deny the claims since in October 2020 the U.S. government indicted six Russian military personnel for the attacks.
When a Canadian Not-For-Profit Was Denied a Payout2
In a case settled in May 2021, Family and Children’s Services of Lanark, Leeds and Grenville (FCSLLG), a Canadian not-for-profit organization, failed to seek CAD$75 million in damages. The security incident involved an unidentified hacker who stole confidential reports and leaked them on two Facebook pages. FCSLLG initiated a third-party claim against Laridae, a company it had hired to revise its website. Despite holding two policies with the Co-operators at the time of the hack, the Co-operators denied coverage under both policies based on data exclusions. The policies excluded any loss “arising out of the distribution or display of data by means of an internet website.”
These incidents should serve as a glaring reminder for your business to completely understand where threats are most likely to emerge from and to ensure that potential losses are included in your cyber insurance policy. While certain businesses may be able to continue functioning as usual due to their financial prowess, you must ask yourself if your business can survive a major financial setback.
Navigating Compliance for Cyber Liability Insurance
While it may seem overwhelming at the outset, complying with your cyber liability insurance policy’s terms isn’t daunting when you have the right support. By leveraging our compliance process automation platform, we can help you with:
- Understanding the contracts in detail so that you are fully aware of what your policy covers and what it does not cover.
- Regular automated compliance assessment that will hand you a thorough and accurate analysis of your business’ compliance with the policy’s terms and areas that need remediation.
- Remediation services to ensure all the compliance risks are remediated the right way and at the right time.
- Compliance-specific documentation that’s free of human error, fine-grained and policy-specific to ensure your business can produce evidence of due care.
- Purchasing a cyber insurance policy that offers the right type of coverage at the right price.
We can help your organization comply with or acquire a viable cyber liability insurance policy that’s trusted by others in your industry. To learn more, contact us today for a consultation.