Cyber Risk by the Numbers

Why You Must Comply with Your Cyber Liability Insurance

If you think your cyber insurance claim will be approved with no questions asked, think again. When you file a claim, your insurer will assess whether you took “due care” to protect your business from cyberattacks. While having cyber liability insurance is essential today, you can’t be certain your insurer will cover your costs after a security breach. In fact, they may deny your claim for several reasons.

Hidden in the fine print of every cyber insurance policy are specific terms and conditions you must follow. That’s why it’s critical to check your compliance with the policy and address any risks that could lead to non compliance.

Let’s look at common reasons claims are denied, the impact of claim denials, and how the right support can help you stay compliant and protect your coverage.

Top 6 Reasons Your Cyber Insurer May Deny a Claim

Beyond seeking to minimize payouts, insurers often look for these reasons to deny a claim or limit payment:

1. Policy Exclusions

Policy exclusions are the most common reason for denials. If your claim relates to a scenario specifically excluded in your policy (often hidden in the fine print), your claim may be rejected.

2. Poor Prevention Practices

If you haven’t implemented required data security practices, your insurer may have an easy reason to deny your claim. Your policy will outline the security measures your business must follow.

3. Lack of Documentation for Preventative Measures

Insurers expect tangible evidence thorough, accurate, and up to date documentation of the preventive steps you’ve taken. Missing documentation can delay or deny your claim.

4. Third-Party Stakeholder Failures

Security lapses by vendors or third-party providers can affect your claim. If a breach involves a third party, your insurer may scrutinize the incident or deny coverage altogether.

5. Accidental Errors and Omissions

Mistakes or missing information in the documentation you provide can hurt your claim’s approval chances. Your evidence must show clear compliance with your policy terms.

6. Coverage Timeframes

Not all policies cover every loss period. If losses occur outside your policy’s specified interruption timeframe, you may not be fully covered.

The Impact of Claim Denials

A denied claim can seriously disrupt your business’s ability to recover after a security incident. Here are two notable examples:

The NotPetya Attacks

A review by the Cyentia Institute found that the NotPetya ransomware accounted for 20% of the $18 billion in losses from the world’s 100 largest cyber incidents. Major companies like Merck and Mondelez International are still fighting for payouts worth $1.3 billion and $100 million, respectively. Their insurers denied claims based on the “war and terrorism” exclusion, citing government accusations against Russian military personnel for the attacks.

A Canadian Not-For-Profit Denied Coverage

In 2021, Family and Children’s Services of Lanark, Leeds and Grenville (FCSLLG) in Canada was denied CAD$75 million in damages after a data breach. Their insurers denied claims based on exclusions for losses “arising out of the distribution or display of data by means of an internet website,” even though FCSLLG held two policies at the time.

These cases highlight the need to understand both your risks and your policy’s exclusions and to make sure your coverage fits your real world needs. Some businesses can absorb such losses, but can yours survive a major setback?

Navigating Compliance for Cyber Liability Insurance

Complying with your policy doesn’t have to be overwhelming, especially with the right support. Here’s how we can help:

• Policy Understanding: We help you fully understand your coverage what’s included, what’s not, and where you need to be vigilant.

• Automated Compliance Assessments: Our platform delivers regular, detailed compliance assessments, identifying any gaps or risks.

• Remediation Services: We address all compliance issues quickly and correctly, reducing your risk of claim denial.

• Accurate Documentation: We help you keep fine grained, error free records that demonstrate “due care” and policy compliance.

• Policy Selection: We guide you in choosing the right coverage at the best price for your business.

Whether you need help staying compliant or selecting a trusted cyber liability policy, we’re here to support your business every step of the way.

To learn more, contact us today for a consultation.

Sources:

1. Security Boulevard

2. Pallett Valo LLP

Article curated and used by permission.