Avoiding Cyber Insurance Denials

Imagine the scenario:

You’ve done your homework, found a solid cyber insurance carrier, filled out extensive paperwork to receive coverage, and feel protected. Then, the dreaded happens: you experience a cyber breach and have large expenses (legal, fines, etc.).

Well, at least your insurance will come through and make you whole. Right?

Unfortunately, cyber insurance denials are increasingly common. As threats have skyrocketed, pressure on insurers has increased, leading many to scale back coverage or cite exclusions to limit their payouts.

Given this, it is no longer enough to simply secure coverage. Responsible hoteliers must understand the terms of their policies and ensure their organisations are positioned to meet them.

Fortunately, VENZA is here to help. Let’s get started.

Claim Validation

After a policyholder (in this case you) submits an insurance claim, the insurer will begin a claim validation process. During this stage, the insurer will identify the details of your claim and verify its validity.

To do so, the insurer will review the terms of your agreement and verify that your organisation is eligible for coverage based on its terms and exclusions.

In many instances, this results in a smooth outcome—the insurer will pay out coverage as contracted and both parties will move forward.

In other instances, which are increasingly common, insurers may find reason to pay only a partial amount, or, in the worst case, nothing at all.

How? According to a recent report by Delinea, the top reasons that businesses reported for insurance claim denials were:

* Lack of security protocols in place
* Internal bad actor
* Human error (misconfiguration, lost laptop)
* Acts of war
* Did not follow compliance procedures
* Acts of terrorism
* Did not report to insurance company first

Let’s dig into a few of these a little deeper.

Lack of Security Protocols

A lack of security protocols (also known as “failure to maintain,” “negligence,” or “failure to follow”) prevents coverage for claims that are the result of the insured’s failure to maintain adequate security standards.

Common requirements of insurers include items like annual security awareness training, vendor management policies, and mandatory MFA. Organisations without these in place, or those that have them but apply them inconsistently, could face denials under this exclusion.

PCI Fines

Insurers may attempt to cover only direct damages (recovery costs, legal fees, etc.) from a breach and leave out important secondary items like PCI fines and assessments.

A notable example of this was the 2016 case of the restaurant chain P.F. Chang’s. After a data breach, Chang’s filed a claim with its insurer. The insurance company paid $1.7 million USD for direct damages but refused to cover the over $1.9 million USD in fines Chang’s owed to payment card merchant services. A federal court sided with the insurer and denied the claim.

Phishing

Insurers have often denied claims that they argue are the result of preventable human error. This comes into play in social engineering scenarios where the proximate cause of the breach was an unintentional mistake on the part of an employee (for example, improperly sharing credentials, downloading malware, or voluntarily transferring money to a scammer’s account in invoice fraud).

Failure to Document Preventive Measures

Even if you do have effective security measures and strictly enforce them, your insurer may demand documented evidence that you have taken preventive measures to stop cyberthreats.

To ensure a smooth claim process, you must have thorough, accurate documentation at all times.
