In Part I of this series, we posed a series of questions to consider when purchasing cyber insurance. Our approach was deliberate: the right questions help get you the right insurance to address cyber risks facing your organization. Remember, seek the right coverage for you, not just any coverage.
Part I focused on:
In this second piece of the series, we identify not only how to answer some of the questions we posed, but also what value those answers bring. Moreover, we identify some of the common gaps and how to address them.
You don’t know what you don’t know. Precision in language matters. Even the “ANDs” and “ORs” could significantly impact expectations and the claims process. It is incumbent on the policyholder to ask questions about definitions and qualifiers. Furthermore, do not be shy to ask scenario-specific questions either. Doing so will allow an organization to:
Having thought through these issues, and having answers or even best estimates ready, will help an organization right-size the cyber insurance policy for its business. Moreover, having discussions with a forensic accountant, alongside a cyber security professional, prior to a cyber event allows an organization to better prepare answers to many of the anticipated questions, well in advance. What is the net result? The organization is better positioned to manage incidents and their impacts, and the organization has the necessary protocols in place to support its claim.
Many organizations underestimate the financial impacts of a cyber event. Business Interruption and Extra Expense policies may provide some coverage (e.g., loss of business income, overtime, travel expenses, and expedited deliveries to meet customer demands) but an organization may determine that additional coverage is needed to bridge gaps. The way to stay ahead of the curve is to reasonably calculate the potential loss of business income and extra expenses that may be incurred during an interruption, such as:
Given the complexity and uncertainties related to cyberattacks, impacts, and third-party dependencies, there is no clear-cut science to estimate losses. But an organization can begin to estimate its losses by having a better understanding of how its revenue streams may be impacted by a cyberattack. Here are some categories to look at:
Understanding how the business interacts with technology is essential to good planning. Specifically, mapping dependencies not only gives planners insights about how the business operates, but also gives them a glimpse into how a future incident may unfold. Effectively, the pain points are being identified ahead of time, and, in the case of an incident, one can see how the cascading issues play out. One way to think of dependencies is using these examples:
By going through this exercise, an organization is better suited to identify what types of gaps exist, see where external support is needed, and even identify potential risk areas both before and after an incident, including those that require follow-up work (e.g., lawsuits, reputational damage, exposures to greater expense, etc.).
Once identified, a final mapping exercise against the insurance policy should be performed. In essence, an organization that goes through this exercise is “exchanging business cards before the incident” and “pre-positioning assets.” Part of this “pre-positioning” or formalized planning can include identifying the forensics, response, legal, and public relations firms, and determining if they are an approved vendor. These third parties could be written into the insurance policy as approved vendors. This approach may even allow an organization to negotiate vendor hourly rates prior to an incident.
The purpose of this two-part series was to help organizations identify likely trouble areas that could arise during the claims process. If the organization has suffered an attack, proactively managing these issues helps an organization navigate a smoother claims process.
In closing, here are some of the biggest challenges we have seen when the proactive steps have not been taken, along with some quick fixes to them:
We would like to thank our colleagues Jessica Eldridge and George Platsis for insights and expertise that greatly assisted this research.
Jessica Eldridge is a Senior Vice President in J.S. Held's Forensic Accounting -- Insurance Services practice. She has over 19 years of investigative and forensic accounting experience in measuring financial damages involving business interruption, cyber, extra expense, stock, builder’s risk, employee dishonesty / fidelity, personal injury, subrogation, and litigation support services. She also has extensive experience with the administration of common fee funds and the oversight of property damage claims for large construction projects.
Jessica can be reached at [email protected] or +1 857 219 5720.
George Platsis is a Senior Director providing Digital Investigations & Discovery services in J.S. Held’s Global Investigations practice. Mr. Platsis is a business professional, author, educator, and public speaker, with an entrepreneurial history and upbringing of over 20 years. He has designed and delivered solutions, and led teams, to improve breach readiness, enterprise-wide and business-unit specific incident response programs, and estate hardening for a series of Fortune 100 clients in healthcare, media, financial services, manufacturing, defense, and commercial electronics industries, including support of clients in the small and medium business space. Additionally, he brings complex investigation and emergency management experience to businesses and individuals seeking to reduce their risk posture. George is a Certified Chief Information Security Officer.
George can be reached at [email protected] or +1 321 346 6441.