Nowadays, most specialists will tell you that relying on cyberinsurance is an essential "component" in mitigating the risks organizations face in the Digital Age. And they are right, of course. But, given the complexity of this new reality, the burning question is: can you rely on your cyberinsurance policy? Here are some considerations.
First, with the sharp rise in cyberincidents worldwide (ransomware in particular), it now takes at least half a day to fill out an application for cyberinsurance, preferably with the assistance of your IT specialist and your legal counsel. This is serious business, since any "mistake", omission or misleading information may result in a denial of coverage with disastrous consequences.
Second, considering the potential damages involved in a cyberattack (operational downtime, delays in the supply chain, loss of revenues, personal information leakage, reputational damage, specialists' costs to manage and resolve the crisis, costs to restore the network, ransom payments, non-compliance fines, lawsuits from clients, partners, employees, shareholders, etc.), it is essential for an organization to carefully identify the risks it is exposed to in order to get the appropriate insurance coverage it needs. Otherwise, when an incident occurs, the cyberinsurance might prove shockingly useless.
Third, it is paramount to understand the nature and the scope of the exclusions listed in a cyberinsurance policy to ascertain whether the coverage provided will adequately meet the needs of an organization. In so doing, it is important to keep track of the constant evolution of the cyber landscape and its potential impact on insurance issues. The claim (see link below) made by Mondelez International against Zurich American Insurance is a telling example. Essentially, Mondelez was informed that, despite the fact that it was covered for ransomware attacks, the insurer would not provide coverage because the means used for the attack, "NotPetya", was considered to be a weapon of war (Russia) and therefore came under an exclusion (damages caused by an act of war).
In light of the above, though cyberinsurance is an important element to mitigate risks, it is certainly not a stand-alone option. It must be part of an overall strategy and handled with the utmost care and caution.
#cybersecurity #cyberattack #insurance #strategy
Oreo Giant Mondelez Settles NotPetya 'Act of War' Insurance Suit