We're sorry but your browser is not supported by Marsh.com

For the best experience, please upgrade to a supported browser:


Risk in Context

How to Prevent a Cyber Loss From Becoming Catastrophic

Posted by Kevin Sullivan June 08, 2016

“It’s not if. It’s when.” You’ve probably heard that a lot about cyber risks. And it’s true, considering that cyber-attack was cited most often as the risk that organizations consider a critical threat, according to the 2016 Excellence in Risk Management survey.

As companies look for ways to better assess, manage, and respond to cyber risk, the breach-related claims process — which involves a lot more than just reporting losses — is getting more attention. That was the sentiment at the recent Advisen Cyber Conference in Chicago, where I moderated a panel of insurance industry experts discussing cyber claims best practices.

Cybersecurity mitigates breaches, and cyber liability insurance covers losses. After your systems have been hacked and sensitive data exposed, your claims process can make the difference between a loss and a catastrophic loss.

Notify Your Insurers

When it comes to claims, cyber losses may involve policies other than cyber liability — including commercial general liability (CGL) and commercial crime insurance, though exclusions may apply. So determining if a breach falls under your cyber policy should be your first step at the onset of a loss.

It’s critical to let your insurer know immediately of the breach — typically within a day — even before you fully determine if there was a monetary loss. Most cyber policies have a reporting provision where through a pre-arranged hotline you can report a loss, even if it’s over the weekend or during a holiday. This triggers services provided by many insurers — such as a breach coach — to help stop the breach and minimize the loss. Trying to resolve breaches yourself may exacerbate losses.

Be Ready to Execute Your Response Plan Quickly

Generally, the longer hackers have access to your systems, the more damage they can do. Having a claims process in place beforehand can help you quickly identify the problem, stop the breach, and minimize your loss. This includes:

  • A dedicated claims team that can be contacted to work with insurers and insurers’ vendors to mitigate the risk.
  • Pre-determined individuals who can assess a breach and quickly alert the insurer in order to mitigate the damage.
  • A claims protocol that outlines how to determine a cyber loss.
  • An organization chart illustrating who within the organization should first contact insurers.  

Once these claims protocols are established, you should consider practicing through simulated cyber situations and drills. Panelists in Chicago stressed the importance of drills in establishing communication lines and quickly beginning the claims process to stop a loss from getting worse.

Cyber breaches may be inevitable but the more prepared you are for them, the less likely they are to have a significant impact on your organization.

Kevin Sullivan

Managing Director, FINPRO