Cyber breaches are an expensive reality in today’s digital world, projected to cost $10.5 trillion globally in 2025, according to Cybersecurity Ventures. If your business suffers a data breach, you must act quickly and strategically, not only to mitigate the damage, but also to maximize your chances of full recovery under your cyber insurance policy. Insurance companies routinely look for loopholes to limit their liability, and your insurer may exploit any missteps you make in the wake of a breach to deny or reduce your claim.
Promptly Notify Your Insurer
Like other types of insurance policies, cyber insurance policies typically require insureds to provide proper notice of a claim as soon as possible. Late notice can jeopardize your claim. Follow the exact procedures outlined in your policy for notifying the insurance company about your data breach. In addition to your cyber insurance policy, your other insurance policies, such as a general commercial liability policy, may provide some coverage for cyber-related losses. Be sure to promptly notify all insurers that may potentially provide coverage.
Carefully Review Your Policy
Carefully review your policy to understand your coverage and the applicable exclusions, deductibles and limits. Cyber insurance policies often provide both first-party coverage, which pays for losses incurred by your business, and third-party coverage, for losses suffered by clients, customers or others due to your data breach. Every policy is different, but first-party cyber coverage often includes expenses associated with investigating the nature and scope of the breach, assessing the damage and areas of the business impacted, containing the attack, restoring all affected systems, and developing a comprehensive recovery plan. As cyber breaches can lead to significant downtime, your policy may provide coverage for business interruption losses. Cyber policies usually cover the cost of legal counsel to advise on the steps you are legally required to take following a breach, and your policy may also cover the cost of hiring a public relations firm to help prevent reputational harm. Additional coverage may include the cost of identifying and notifying individuals whose personal data was compromised and, in some cases, victim credit monitoring. Some policies provide coverage for ransomware attacks, and they may cover cyber extortion fees if cyber criminals encrypt your computer systems, devices, or files with malware, lock you out of your system, and then demand a ransom to allow you to regain access.
If you manage the sensitive data of others, such as customers’ personally identifiable information (PII) like Social Security numbers, credit card numbers, or confidential health or legal information, third-party cyber insurance is particularly important. Your coverage may guard against claims alleging errors, omissions, or negligence brought against you by third parties in connection with your cyber breach. Cyber liability coverage may also cover the cost to defend you against actions brought by regulatory bodies, along with regulatory fines and penalties.
Follow Proper Claims Procedures
Your response to the breach should align with your insurance company’s requirements. Be sure to preserve all forensic evidence, which will help demonstrate the cause and extent of the breach. Track and document all response-related expenses, such as IT work, legal fees, public relations costs, customer notifications, and business interruption losses. Check your policy and communicate with your insurer to ensure you understand the insurer’s consent requirements before making response decisions, hiring vendors, and incurring costs. Submit a clear, well-supported claim that includes all relevant supporting documentation and demonstrates how losses are tied to policy coverage.
Engage Legal Counsel Early
Consider contacting an experienced cyber insurance attorney, who can advise you on steps to take in the immediate aftermath of the breach, and who can work closely with you on your claim submission. An experienced attorney can interpret confusing policy language and help you submit your claim in a way that will maximize your recovery. Your attorney can also push back on the tactics insurance companies use to limit their liability, such as narrowly interpreting the policy language, disputing the cause of the breach, or underestimating the value of your losses.
If your business suffered a data breach, or if your insurance company is challenging your cyber claim, contact Schwartz, Conroy & Hack, PC. We have the expertise, experience and tenacity to make insurance companies keep their promises to you and your business.
