Is there anything better than getting a great deal? Extra innings in a baseball game, your Costco membership fee paying for itself in savings, the Taylor Swift Eras tour set lasting over three hours – these are just a few examples of getting the most out of your purchase. We are often skeptical of products and services these days given how anyone can become an influencer on social media and the credibility of reviews can be difficult to verify. The idea of “getting our money’s worth” now feels better than ever. However, we only feel that way when we believe we made the most of our investment.

As human resources professionals, chief financial officers, general counsel, and others involved in your organization’s risk management strategy, you likely spend a significant amount of time completing annual applications, substantiating the cost of insurance in your organization’s budget, and doing your best to protect your organization in case disaster strikes.

So, how do you get your money’s worth from your cyber liability insurance policy?

Understanding Common Cyberattacks

Unfortunately, no organization is immune from unexpected, costly events. Cyberattacks have become more common, more sophisticated, and more disruptive, and no one is immune from these types of attacks.

Common cyberattacks and claims include:

Phishing and social engineering attacks – Victims are deceived into providing personal and/or financial information, typically via email.

Security breach – An unauthorized access to your system, sometimes because of information acquired during a phishing attempt or as part of a ransomware scheme.

Ransomware – Malicious software designed to encrypt files on a computer system, blocking your access to your own system. Bad actors then make a ransom demand to provide the decryption key and threaten to sell or publish your data or delete it forever.

It’s crucial to be prepared with your incident response plan, which should start with notifying your insurance broker, like Holmes Murphy, and insurance carrier immediately upon learning of suspicious activity or unauthorized access to your computer system or financial accounts, given the extreme time sensitive nature of these incidents.

Create Your Incident Response Plan

Benjamin Franklin once said, “by failing to prepare, you’re preparing to fail.” He may not have imagined a world where this idea would be applied to cyberattacks, but that’s our reality today. Claims for cyber incidents are incredibly time sensitive, and the best way to put your cyber liability policy to use is to be prepared with an incident response plan.

The first step is always to immediately notify your broker and carrier. Ensure their information is available in an offline location so you can report the incident as soon as possible.

After you’ve notified your broker and carrier, here are a few items to consider when preparing to respond to common cyber incidents.

Ransomware or Security Breach Response Plan

1. Contain the breach by disconnecting internet access, disabling remote access, and changing passwords
2. Your insurance carrier will likely assign a breach response vendor after being alerted to the incident. Work with the breach response team to understand the scope of the incident and your legal obligations as a result of the incident.
3. Assess the damage with an internal investigation.
4. Don’t forget about mandatory disclosures. All 50 states have law requiring businesses to notify individuals of security breaches involving personal identifiable information. Also, certain industries may have additional notification obligations, such as healthcare organizations through U.S. Dept. of Health and Human Services – Office of Civil Rights and financial institutions through the U.S. Securities and Exchange Commission (SEC).

Phishing and Social Engineering Attacks Response Plan

1. If the attack prompted the transfer of funds by a victim, contact financial institutions to request a block of the transfer or a retrieval of funds.
2. Report the incident the appropriate government agency, such as the US Secret Service or the FBI, within 24 hours.

Your plan should also consideration how to resume operations most quickly. Backup operations can help mitigate the damage, and alternative payment and collection methods can ensure business continuity in the meantime.

When the dust settles after a cyberattack, continued collaboration between your business – a.k.a. the insured – and your broker, carrier, and the technical experts who responded to the incident is crucial. Make sure you provide the necessary information and act on the advice from the experts, and remember to preserve a detailed log of the event.

Preparation and Prevention of a Cyberattack

Set yourself up for success by protecting your data and preventing cyberattacks before they start. Here are some ways to get you started:

• Ensure software and operating systems are up to date
• Use firewalls to block access from malicious IP addresses
• Utilize multi-factor authentication
• Regularly back up your data
• Strengthen your spam filters to prevent phishing emails
• Scan incoming and outgoing emails to detect threats
• Call an official phone number to verify any requested change in bank wiring instructions

In addition to these tips, it’s critical to heed technical advice from your team or consultants and not to delay notifying your carrier and broker when a cyberattack strikes.

Work With Our Cyber Liability Experts

Of course, we always hope incident response plans will never be needed, but as Ben Franklin said, failing to prepare is preparing to fail.

When you do experience a cyberattack and need to file a claim, ensuring your cyber policy covers all your bases may not be as exciting as an extra hour hearing your favorite artist perform, but you can have peace of mind knowing you got your money’s worth.

If you have questions about your cyber policy, our experts are here to help. Reach out today and let’s talk!