3 Times Businesses Were Denied Cyber Insurance Payouts

Cyber insurance is a type of insurance that protects businesses from financial losses that can result from a cyberattack. While it’s an essential tool for businesses of all sizes, there are some facts you should be aware of before purchasing a policy.

Just because you have cyber insurance, it doesn’t mean you are guaranteed a payout in the event of an incident. This is because you may not have the correct coverage for certain types of cyberattacks or you might have fallen out of compliance with your policy’s security requirements. As a result, it is critical to carefully review your policy and ensure that your business is adequately protected.

Learn from the past

Even though these examples are from the United States, it could easily happen in Canada as well. Here are three real-life examples of denied cyber insurance claims:

Cottage Health vs. Columbia Casualty

The issue stemmed from a data breach at Cottage Health System. They notified their cyber insurer, Columbia Casualty Company, and filed a claim for coverage.

However, Columbia Casualty sought a declaratory judgment against Cottage Health, claiming that they were not obligated to defend or compensate Cottage Health because the insured didn’t comply with the terms of their policy. According to Columbia Casualty, Cottage Health agreed to maintain specific minimum risk controls as a condition of their coverage, which they then failed to do.

This case reminds organizations of the importance of reading their cyber policy, understanding what it contains and adhering to its terms.

BitPay vs. Massachusetts Bay Insurance Company

BitPay, a leading global cryptocurrency payment service provider, filed a $1.8 million insurance claim, but Massachusetts Bay Insurance Company denied it. The loss was caused by a phishing scam in which a hacker broke into the network of BitPay’s business partner, stole the credentials of the CFO of BitPay, pretended to be the CFO of BitPay and requested the transfer of more than 5,000 bitcoins to a fake account.

Massachusetts Bay Insurance stated in its denial that BitPay’s loss was not direct and thus was not covered by the policy. Massachusetts Bay Insurance asserted that having a business partner phished does not count as per the policy.

Although BitPay is appealing the denial, this case emphasizes the importance of carefully reviewing insurance policies to ensure you understand what scenarios are covered. This incident also highlights the importance of employee security awareness training and the need to reach out to an IT service provider if you don’t have a regular training policy.

International Control Services vs. Travelers Property Casualty Company

Travelers Property Casualty Company requested a district court to reject International Control Services’ ransomware attack claim. The company argues that International Control Services failed to properly use multifactor authentication (MFA), which was required to obtain cyber insurance. MFA is a type of authentication that uses multiple factors to confirm a user’s identity.

Travelers Property Casualty Company claims that International Control Services falsely stated on its policy application materials that MFA is required for employees and third parties to access email, log into the network remotely and access endpoints, servers, etc. They stated that International Control Services was only using the MFA protocol on its firewall and that access to its other systems, including its servers, which were the target of the ransomware attack in question, were not protected by MFA.

This case serves as a reminder that when it comes to underwriting policies, insurers are increasingly scrutinizing companies’ cybersecurity practices and that companies must be honest about their cybersecurity posture.

Travelers Property Casualty Company said it wants the court to declare the insurance contract null and void, annul the policy and declare it has no duty to reimburse or defend International Control Services for any claim.

Don’t be late to act

As we have seen, there are several reasons why businesses can be denied payouts from their cyber insurance policies. Sometimes, it could be due to a naive error, such as misinterpreting difficult-to-understand insurance jargon. In other cases, businesses may be maintaining poor cybersecurity hygiene.

Claritech Solutions can help you avoid these problems by working with you to assess your risks and develop a comprehensive cybersecurity plan. Feel free to reach out for a no-obligation consultation.

To learn more about cyber insurance, download our infographic titled “What Every Small Business Needs to Know About Cyber Insurance” by clicking here.

3 Types of Cyber Insurance You Need to Know About

As the world becomes more digitized and cybercrime increases, the need for cyber insurance is something businesses should not overlook. If your company handles, transmits or stores sensitive data, you need to know about cyber insurance.

Cyber insurance is intended to protect businesses from the monetary losses arising from a cyber incident that could jeopardize their future. It covers financial losses caused by events such as data breaches, cybertheft and ransomware.

Since small businesses often lack the resources or budgets of big corporations, cyber insurance can provide critical financial protection in the event of a cyberattack, helping them recover quickly.

Types of cyber insurance and what they cover

Although insurers may have their own specific classifications, cyber insurance can be divided into three broad categories:

Cybertheft insurance

With more and more businesses storing sensitive data online, the risk of cybertheft is more prominent than ever. As a result, ensuring that your company is adequately insured against this growing threat is critical.

Cybertheft insurance protects businesses from financial losses caused by digital theft. This type of insurance can cover a variety of cybertheft scenarios, including first-party cybertheft, embezzlement scams, payroll redirection and gift card scams.

Businesses of all sizes can be victims of cybertheft, and no business is too small to need cybertheft insurance. Therefore, even if there is a remote chance that your data or digital assets will be stolen, ensure you have cybertheft insurance for your business.

Cyber liability insurance

Cyber liability insurance includes third-party coverage for damages and losses, data breaches, regulatory penalties, credit monitoring and lawsuits.

Cyber liability insurance is a vital tool for small businesses like yours because the financial ramifications of a cybersecurity breach can be more severe than you can handle. This does not mean you should panic right now; it simply means that having cyber liability insurance can help your business recover and move forward even after a breach, without being stunted.

Cyber extortion insurance/ransomware insurance

Cyber extortion insurance protects businesses against ransomware attacks. This type of insurance can help cover the cost of ransom payments, recovery expenses, business interruptions and more. It can also provide access to a team of experts who can help with cyber extortion negotiations and forensics.

Keep in mind that an attack could still succeed even with the right cybersecurity solutions in place to protect your business. That’s why it’s critical to have cyber extortion insurance. It can help you recover from a ransomware attack and reduce the financial impact.

Let’s work together to ensure your success

Cyber insurance is a complicated and ever-changing industry. There are many factors that can influence whether or not you qualify for a payout in the event of a cyberattack, and trying to remain compliant with your insurance policy can be difficult. Working with Claritech Solutions can help you better understand your options and ensure that you have adequate security in place, increasing your chances of receiving complete coverage.

Not sure where to start? Contact us today to schedule a consultation. Our knowledge and experience may be just what you require.

We’ve also created an infographic titled “Cyber Insurance and Why Your Small Business Needs Coverage” that you can download by clicking here.

Cyber Insurance – How Claritech Can Help

When looking for cyber insurance for your small business, you may find it hard to navigate technology and insurance jargon. There are even different types of cyber coverage and you might not be sure what you need because you’re not a cybersecurity expert. Plus, once you do have coverage, there’s always the risk of not receiving a payout in the event of an incident if you didn’t meet your policy’s requirements.

Our clients find that partnering with Claritech makes their journey to qualify for cyber insurance easier in so many ways. Keep reading to find out how.

How Claritech can help you

Although we can bring a lot to the table on matters regarding security, backup and compliance to help you stay protected, in terms of cyber insurance, we also provide assistance with the following:

Auditing and complying with insurance policies

While meeting your cyber insurance policy requirements is ultimately up to you, you can improve your chances of receiving a payout following an incident by partnering with us.

The majority of insurance policies require you to take specific actions to reduce your risk of a cyberattack. These actions may involve maintaining strict security protocols and procedures, regularly backing up data and more. Claritech can help handle all of these and ensure that the appropriate security measures are followed to protect your data and comply with policy requirements.

We can also help make documenting your security measures easier.

Picking the right coverage for your business

Without a basic understanding of cybersecurity, it can be difficult to know which type of cyber insurance is best for your company out of the many available options (theft, liability, and extortion). We can evaluate your company and direct you toward the right coverage. The drawback of not having the right insurance coverage is that you’ll have to pay the premium and get nothing in return when you really need it.

Improving your cybersecurity posture

Insurance companies are wary of taking on too much risk due to the skyrocketing rate of cybercrime. Although this makes obtaining cyber insurance coverage challenging, it is not impossible. If you have a strong cybersecurity posture, your chances of getting coverage will be higher.

Claritech Solutions can help you assess your cybersecurity risks and recommend ways to improve your overall cybersecurity posture. We can also help you implement security controls and monitor your network for threats. If you do suffer an unlikely data breach, we also help you with the incident response process.

The decision is yours

If you’re hoping to qualify for a cyber insurance policy, a specialized IT service provider like Claritech can help. We can use our expertise and experience to help you choose the right policy for your business and meet your policy’s requirements. Feel free to reach out for a no-obligation consultation where you can decide if we’re the right partner for you.

To help you learn more about cyber insurance, we created a comprehensive checklist titled “Cyber Insurance 101 for Small Businesses” that you can download by clicking here.

Don’t Fall for These Cyber Insurance Myths

As the world increasingly moves online, so do the risks to our businesses. Cyber insurance is one way to help your business recover following a cyberattack. It covers financial losses caused by events such as data breaches, cyber theft, ransomware and more.

Cyber insurance can be beneficial in many ways since it typically covers the cost of:

  • Recovering data
  • Legal proceedings
  • Notifying stakeholders about the incident
  • Restoring the personal identities of those affected

Due to the complicated nature of cyber insurance, there are a lot of myths out there that can be harmful to your business if you fall for them. Let’s debunk them together.

Cyber insurance myths debunked

Busting the top cyber insurance myths like the ones below is necessary so that you can make informed decisions for your business:

Myth #1: All I need to protect my business from cyberthreats is a cyber insurance plan

This could not be further from the truth. Your insurance provider will only cover your business if you meet the requirements outlined in your contract. Most reputable insurers will require proof that you have been following the proactive measures outlined in your policy. If you can’t prove your compliance, your claims are unlikely to be paid.

One of the most common insurance requirements is that you have top-tier cybersecurity protection. Despite the availability of a variety of cybersecurity solutions in the market, keep in mind that not all of them are the same. Finding a solution that offers the best protection for your needs is crucial.

Myth #2: I don’t need cyber insurance since I have cybersecurity solutions

Even though cybersecurity solutions can boost your defenses, they don’t make you immune to cyber incidents. Yes, cybersecurity solutions can reduce the risk of a cyberattack by identifying and protecting vulnerable points in your system. However, no solution can provide complete protection against all threats because staying on top of emerging risks can be challenging.

Additionally, human error can always result in vulnerabilities in a system, regardless of how secure it is. That’s why it’s a good idea to have a cyber insurance policy in place to fall back on in case of an incident.

Myth #3: Cyber insurance is easy to get

As technology advances, so do the occurrences of cyber incidents. With small and medium-sized businesses being the most susceptible targets of cybercriminals due to a lack of enterprise-level protection, the likelihood of an attack is high. Consequently, insurers are reluctant to provide coverage since the risks are significant. While policies are still available, they are becoming more expensive and difficult to obtain.

Myth #4: If I have a cyber insurance policy, my claims will be covered in case there’s an incident

If you can’t prove that you’ve complied with your cyber insurance policy’s prerequisites, your claim may be rejected. This is why you might want to consider partnering with an IT service provider, like us. Claritech can help you remain compliant with your cyber insurance policy as well as provide evidence of such compliance.

Partner for success

It’s crucial to not fall for the above myths about cyber insurance so that your business qualifies to invest in a policy and receive coverage. However, it’s also important to remember that cyber insurance is something that demands a lot more time and effort than you might have.

To protect your business effectively, you should partner with an IT service provider like Claritech to help you understand how to increase your chances of receiving coverage and a payout in the event of an incident. Reach out to schedule a no-obligation consultation.

Additionally, we created an infographic titled “What is Cyber Insurance and Why Your Business Needs Coverage” that you can download by clicking here.