Cyber Insurance claims denied

Does your company currently have Cyber Insurance?

It is about to get even more difficult to renew or obtain new Cyber Insurance policies than it already is. In the past year, claims for Cyber breaches more than doubled and are cutting into the profits of insurance companies. Most insurance policies include an exclusion for Acts-Of-War, and many insurance companies have tried to use that exclusion to deny claims of cyber breaches that were perpetrated by nation-states such as Russia and China.

In 2017, the Russian military orchestrated a cyberattack on Ukraine that became known as the NotPetya attack. Even though this attack was directed at Ukraine, many U.S.-based companies were impacted, including the giant pharmaceutical firm Merck & Co. The multiple insurance companies that Merck filed claims with denied those claims on the grounds that a nation-state was responsible for the attack, which they said falls under the acts-of-war exclusion. Merck filed a lawsuit against the insurance companies for more than 1.4 billion dollars in damages from the incident.

In January of this year, a judge in New Jersey sided with Merck, finding that the exclusions covered traditional acts of war and not cyberattacks. With this court ruling, many insurance companies are now changing the language in their policies to be broader and allow them to deny more claims. It also means that insurance companies will continue to be more selective in whom they choose to offer cyber insurance to.

As a consultant, I am already seeing clients with long lists of network and security requirements that must be in place BEFORE they can be insured. Many of these companies were blindsided by these new requirements and only had a few weeks to meet the deadlines. Even if you are lucky enough to have cyber insurance, trust me when I say that you do not want to rely on that to keep your business afloat when you have a cyber breach. Attention needs to be paid to tightening network security as well as business continuity and disaster recovery planning.

How quickly you can recover from a cyber incident directly correlates to the survivability of the company. It could also become a resume-producing event for the IT team.

What can you do to protect your company and yourself from events like these? First, look at implementing a Zero Trust cybersecurity model. Zero Trust is about not trusting any person, device, application, or workload by default. This applies both inside and outside your organization. Second, you must implement a multi-application recovery model that is tested frequently. Third, you need to have an up-to-date incident response plan and conduct tabletop exercises to simulate emergency responses.

It has been said many times, but remember, hackers only need to get it right once to succeed; we as security professionals need to get it right every time! Stay diligent and #neverstoplearning

Stephen Cracknell

Best-Selling Author of Cyber Storm | CEO & Founder of USM Technology | Helping Texas Business Leaders Streamline, & Secure Their Technology | Expert in Cybersecurity, Compliance, Fully Managed & Co-Managed IT Services

2 years ago

Great article Kevin!


More articles by Kevin Brockus MBA, CISSP CCISO
