I had a great conversation with a family friend that owns a Farmers branch and Cyber Insurance was a part of every business insurance plan they sell.
After some research I found out that many Cyber Insurance plans will help with business extortion cases like ransomware.
All this made me want to learn more and I thought maybe the community could help with some insight.
Does Your Company have Cyber Insurance?
YES
NO
IDK…Should I Know?
16 Spice ups
Yes. But we call them backups.
8 Spice ups
Maybe we do maybe we don’t. Not sure I would know about management stuff like that.
1 Spice up
I would hope so, but I treat our company like we don’t. Hope for the best, expect the worst.
I said yes, assuming I could change my answer if need be, but it looks like I can’t.
I did when I had business insurance through Farmer’s, think they added it to my policy 3 years ago; maybe 4.
I think it was called, at one point at least, cyber terrorism rider.
Big Green Man:
I would hope so, but I treat our company like we don’t. Hope for the best, expect the worst.
I said yes, assuming I could change my answer if need be, but it looks like I can’t.
This is correct. Hope for best but prepare for the worst. Having cyber liability insurance doesn’t excuse your responsibility in making sure your network is secure. If you do your part, the insurance company will pay the claim if you are breached. However, there are many claims that will get denied because a business didn’t put the proper security measures in place to begin with.
Here is a snippet from an article I wrote on the subject in 2015. I was researching cyber-security claims that were denied and came across Cottage Health Systems.
Just how important it is to follow the agreed upon security practices, came as a hard lesson to a company called Cottage Health Systems in December 2014. CNA, their insurance company, filed suit against Cottage Health Systems for $4.125 million paid on a claim made under Cottage Health Systems’ cyber policy. CNA claims Cottage failed to “follow minimum required practices,” which precludes coverage if the insured does not “continuously implement the procedures and risk controls identified in the Insured’s application for this Insurance.” In a nutshell, Cottage Health Systems reported to CNA that it had regularly re-assessed its exposure to information security and privacy threats, among other, more specific, data-protection procedures. CNA claims this representation in the application was false. Court records state 30,000 patient records were compromised because Cottage Health Systems allegedly stored such records on an internet-accessible system but failed to install encryption or use other safeguards. The California court agreed and granted approval of the $4.125 million settlement fund. It should be noted that further litigation is expected in this case and others that are denied in the future due to cyber liability application questions being broadly worded, leaving room for strong arguments on both sides.
Chris (WatchPoint Data):
Big Green Man:
I would hope so, but I treat our company like we don’t. Hope for the best, expect the worst.
I said yes, assuming I could change my answer if need be, but it looks like I can’t.
This is correct. Hope for best but prepare for the worst. Having cyber liability insurance doesn’t excuse your responsibility in making sure your network is secure. If you do your part, the insurance company will pay the claim if you are breached. However, there are many claims that will get denied because a business didn’t put the proper security measures in place to begin with.
Here is a snippet from an article I wrote on the subject in 2015. I was researching cyber-security claims that were denied and came across Cottage Health Systems.
Just how important it is to follow the agreed upon security practices, came as a hard lesson to a company called Cottage Health Systems in December 2014. CNA, their insurance company, filed suit against Cottage Health Systems for $4.125 million paid on a claim made under Cottage Health Systems’ cyber policy. CNA claims Cottage failed to “follow minimum required practices,” which precludes coverage if the insured does not “continuously implement the procedures and risk controls identified in the Insured’s application for this Insurance.” In a nutshell, Cottage Health Systems reported to CNA that it had regularly re-assessed its exposure to information security and privacy threats, among other, more specific, data-protection procedures. CNA claims this representation in the application was false. Court records state 30,000 patient records were compromised because Cottage Health Systems allegedly stored such records on an internet-accessible system but failed to install encryption or use other safeguards. The California court agreed and granted approval of the $4.125 million settlement fund. It should be noted that further litigation is expected in this case and others that are denied in the future due to cyber liability application questions being broadly worded, leaving room for strong arguments on both sides.
Great find! I had a feeling that the burden of proof would fall on the IT staff in some way and stipulations about “minimum required practices” would be the answer. Now, I wonder if those “minimum required practices” are clearly listed in the insurance policy…
We do. But it’s my job to ensure that we never have to use it.
4 Spice ups
lbair2 (IceBair Does IT), May 24, 2017, 8:04pm, #11
Awesome, this makes me feel better.
richard14 (OriontheHunter), May 24, 2017, 8:49pm, #12
I don’t think we do but I know our CFO was looking into it at one point and getting quotes. I don’t think we ever purchased it though.
I don’t know. Family run business and I’m not in the loop.
I am luckily not in a position where a little downtime to rebuild servers and restore data would critically affect business. So I have backups and I don’t pay criminals.
1 Spice up
Marry a female family member and you’ll always be in the loop and have job security
Parker (Trend Micro):
I had a great conversation with a family friend that owns a Farmers branch and Cyber Insurance was a part of every business insurance plan they sell.
After some research I found out that many Cyber Insurance plans will help with business extortion cases like ransomware.
All this made me want to learn more and I thought maybe the community could help with some insight.
What a cool topic! SentinelOne currently offers cyber insurance in the event of a ransomware attack! If you experience a ransomware attack while using SentinelOne, we’ll actually pay the ransom (Up to $1,000 per endpoint and $1M per company). Check out our ransomware insurance FAQ here!
@SentinelOne
Robert,
“Ransomware Protection Guarantee” programs are actually what sparked my conversation with the family friend.
It’s a great concept for generating revenue but seemed like a legal nightmare for both the insurer and the party filing the claim.
KnowBe4 did a great piece on Cyber Insurance over the weekend as well.
The WanaCry ransomworm has caused insurance companies really to take notice. Customers have started to file damage claims, it is a bit early however to see the insurance industry's full exposure to this recent malware pandemic. For insurers, the main threat regarding WannaCry is not about any one individual company that gets infected but rather as an aggregated risk.
The estimated total financial damage caused by WanaCry in just the initial 4 days would exceed a bi…
@stu-knowbe4
1 Spice up
pgauldy (pgauldy), June 6, 2017, 11:22am, #20
Be careful as most policies will be specific about any incident which can be tracked to a member of staff clicking on that link from Prince Muhammobma from Nigeria and may well not pay out!!