Cyber risk is now a normal part of our personal and professional lives. When companies suffer a cyber incident, they often look to their insurance policy for coverage to help mitigate the financial exposure. Additional external resources, such as incident response firms, also help the insured get back to normal operations.
A common scenario we encounter is when a policyholder does not fully understand the scope and limit of their coverage. Although we do not interpret insurance coverage, let’s examine some noteworthy challenges we see policyholders face when navigating through an insurance claim.
This is a two-part series. Part I poses a series of questions to assist insureds or policyholders in thinking through the common issues and in identifying the potential challenges of not addressing these concerns. In Part II, we present some strategies to help organizations further reduce their risk posture.
In this piece, we cover five themes the policyholder should understand:
Unlike other types of insurance coverage (e.g., property, commercial general liability), cyber insurance changes quickly due to fast-changing threats, and as the industry evolves and adapts. Therefore, when reviewing policy language, some questions to consider are as follows:
It is important for the insured to have an understanding of the policy and consult with professionals such as brokers, counsel, and insurers for any questions regarding the interpretation of the insurance policy.
If insurance purchasers lack a good grasp of what is covered, have a professional assist with determining what policy and limits fit the organization’s needs.
If a company purchases a policy and assumes reimbursement for all its damages up to the coverage limit, a significant pitfall may be lurking. Furthermore, even when you think you have the proper policy, an errors and omissions (E&O) policy may be a worthwhile investment to consider. Some additional considerations:
Additionally, with the increased use of information technology (IT) in operational technology (OT) environments – especially in select industries – an incident that originates as a cyber event could very well end up causing physical damage. This means property insurance could come into play. However, there is typically an exclusion or lower policy limits under an insured’s property policy.
When a claim or proof of loss is submitted to an insurer, a numerical value will always be attached. But can that claim amount be validated as an insurable loss? Quantifying financial impact post-incident requires supporting documentation and some sound thinking and development, including:
Also remember that the period of indemnity – the period of time for which indemnity is payable under a business interruption policy – will impact quantifying damages, making it one of the most critical components of quantifying the business interruption loss. Some questions to ask are:
If there is a misalignment here, there may be challenges during the claims process. The greatest misalignment is having no incident response plan at all. But assuming one exists, ask the following questions:
For even the most prepared, a risk always exists that something falls through the cracks. The first step to forestall this risk is avoiding “one size fits all” coverage, specifically for policy coverage limits and premium payments. Some issues to keep in mind:
Understanding the business and how it aligns with your insurance policy is critical in calculating your losses.
This may be stating the obvious, but insurance coverage differs by sector (e.g., manufacturing, retail, healthcare) based on industry norms and requirements, which is why it is vitally important to understand how the policy meets the organization’s unique needs.
Cyber risks are changing, and cyber insurance is evolving with the changing landscape. In turn, businesses also need to stay informed about these changes to mitigate losses, prevent losses from occurring, and ensure adequate coverage for their specific risks.
To overcome challenges, organizations need to be proactive and not reactionary. It is important to plan and document all claimed costs. Partnering with professionals who have experience in the pre- and post-incident phases can help tailor the policy and premium payments for your organization. Risk managers, brokers, insurers, breach coaches, counsel, incident responders, forensic accountants, and digital forensic experts are just a few of these professionals.
Part I was designed to pose questions to consider when reviewing cyber insurance policies. Moreover, these questions are meant to help policyholders understand what could delay the claims process.
In Part II, we will offer examples of real-life challenges experienced during the cyber claim process and how an insured may avoid these experiences.
We would like to thank our colleagues Jessica Eldridge and George Platsis for insights and expertise that greatly assisted this research.
Jessica Eldridge is a Senior Vice President in J.S. Held's Forensic Accounting – Insurance Services practice. She has over 19 years of investigative and forensic accounting experience in measuring financial damages involving business interruption, cyber, extra expense, stock, builder’s risk, employee dishonesty / fidelity, personal injury, subrogation, and litigation support services. She also has extensive experience with the administration of common fee funds and the oversight of property damage claims for large construction projects.
Jessica can be reached at [email protected] or +1 857 219 5720.
George Platsis is a Senior Director providing Digital Investigations & Discovery services in J.S. Held’s Global Investigations practice. Mr. Platsis is a business professional, author, educator, and public speaker, with an entrepreneurial history and upbringing of over 20 years. He has designed and delivered solutions, and led teams, to improve breach readiness, enterprise-wide and business-unit specific incident response programs, and estate hardening for a series of Fortune 100 clients in healthcare, media, financial services, manufacturing, defense, and commercial electronics industries, including support of clients in the small and medium business space. Additionally, he brings complex investigation and emergency management experience to businesses and individuals seeking to reduce their risk posture. George is a Certified Chief Information Security Officer.
George can be reached at [email protected] or +1 321 346 6441.