Why in-house expertise matters in cyber claims

The following article was provided by Resilience Insurance.

When an organization discovers a cyber incident – a ransomware attack, a data breach, or a network disruption not caused by cybercriminals – the first moments could very well be an emergency. In an emergency, our impulse is to dial 911 so that the dispatch center can send qualified first responders right away. Organizations need to realize that there are first responders for cyber events, too.

The most important part of a cyber insurance policy is the claims service that supports the promises made in the coverage contract. That is, to be there in case of an emergency. When a business experiences a cyber claim, it needs a single point of contact capable of coordinating a team of professionals with complex technical expertise. A crisis is not the time to vet new partners or wrestle with contract language. When a cyber incident occurs, the victim organization needs urgent help. The best way to get help from trusted resources is to build those relationships before they’re needed.

Most cyber insurers suggest they are a one-call-does-it-all solution on cyber claims. Many, if not most, cyber insurance policies offer access to outside professional resources, ranging from forensic investigators to legal services and breach coaching, often at lower rates than the policyholder could obtain on its own. But a claim is a poor time to discover that not all cyber insurers – or their partners – are equal. The claims experience can differ markedly from one cyber insurer to another because very few have in-house technical expertise on cybersecurity.

Value of in-house expertise

Cybersecurity experts on an in-house claims team give policyholders the peace of mind that not only will they survive a cyber incident, but they will emerge stronger when the claim is closed. The ability to consult with in-house cyber experts offers advantages that outsourced support simply cannot.

• On-call answers to technical questions. Policyholders can raise issues both large and small and get straight answers to technical questions about cybersecurity – even if an incident doesn’t lead to a claim. That is a peace of mind that few cyber insurers can offer.
• Relevant threat intelligence. To mitigate cyber risk, policyholders don’t have to rely solely on their own internal resources, antivirus software, or endpoint protection. They can gain real-time or near real-time threat intelligence from experts at their insurer, whose knowledge of security trends, vulnerabilities and claims activity can inform policyholders’ decisions about improving their own security.
• Claim triage. Cybersecurity expertise that resides in-house can be particularly valuable in assessing and mapping out solutions when cyber events do happen. Such experts also can observe a policyholder’s incident response plan in action and propose ways to become more resilient to cyber risks.
• Better outcomes. In-house cybersecurity experts have a role to play in achieving better results when claims do occur. Through rigorous assessments, these experts identify gaps and weaknesses that policyholders can fix, reducing the impact of an attack, if not outright preventing it.
• Fulfilling underwriters’ promises. As we all know, an insurance policy is a pledge to pay when a claim occurs, according to the terms and conditions in the coverage contract. Some insurers, frankly, look first for ways to avoid paying claims. A cyber insurer that focuses instead on acting with integrity will see claims as opportunities to fulfill the underwriters’ commitments to help organizations through their worst days after experiencing a cyber event.

At the very fundamental level of business transactions, the cyber risk of the insured is also the cyber risk of the insurer. When cyber risks are mitigated through security and insurance, all stakeholders win. The policyholder avoids a costly incident and remains resilient. The broker involved knows the reduction in total cost of risk will have a positive impact on other parts of its client’s risk management program. The primary insurer builds trust with its customer, and reinsurers preserve their risk capital to address more significant claims. Cyber risk is pervasive – virtually every organization around the world has cyber exposures – so clients should carefully review their insurer’s claims payment history; whether they outsource the department that makes good on their promises or fulfills those promises themselves is a big deal.