Navigating the waters of Cyber liability claims can be complex and confusing for policyholders.

Events that may trigger a claim are sometimes nebulous, such as when a data breach is suspected but not yet confirmed.

Clients, especially those with little or no technology savvy, might also have difficulty getting claims approved if they’ve been slow to identify and address potential threats. A business also could see its claim denied if it isn’t familiar with its policy’s exclusions and requirements.

Helping clients get the most out of their Cyber coverage means making sure they get their claims covered when a breach or security event occurs. By understanding the most common reasons Cyber claims are likely to be denied, agents and brokers will be better prepared to help policyholders get their claims successfully resolved.

Late or improper notification

Late notice is perhaps the single most common reason a Cyber claim is denied by a carrier.

This is particularly true if a policy is written as claims-made-and-reported, as many Cyber liability policies are. Unless the policy has specific language that allows claims for a period of time after the policy ends (usually limited to just a few months at most), then notification during the policy period is key to getting these claims approved. In addition, notice of any occurrence that could lead to a claim also must be made to the carrier in a timely and appropriate manner. Lagging on the alert to an insurer in any instance where claims activity could follow is setting the policyholder up for a denial.

Because clients who fail to submit their Cyber claims on time are among the most likely to find their claims denied, they should be made acutely aware of the need for timely notification of any potential claims activity. This enables them to establish important workable protocols internally.


Delays by IT or other internal groups in alerting the risk management contact, for example, could jeopardize an eventual claim. And because cyber threats can enter an organization through a number of avenues, the organization’s processes must be established in a way that minimizes potential delays.


Lack of understanding on coverages


Cyber liability policies don’t all cover the same types of losses.

It’s crucial that policyholders understand which coverages they require and which they actually have. Agents and brokers should work with each client to ensure they’ve been matched with a policy that covers those types of exposures they’re most likely to encounter.

This may be dependent on a variety of risk factors, including industry, type of business (online versus brick-and-mortar, etc.) and type of technology or data assets that must be protected.

Policyholders also should be aware of their responsibilities under the coverage they’ve selected.

This may include applying security patches, using encryption technology or other measures. If the organization isn’t in compliance with these mandates, their claim could be denied by the insurer.

Other types of coverages also vary from one Cyber policy to another. Legal support may be included in some, but excluded in others. The purchase of any technology tools necessary to remediate an exposure isn’t always covered. A small business with sparse internal IT expertise is likely to have very different expectations than a large, tech-savvy consulting firm. If a policy isn’t closely tailored to the client’s needs, they may find their claims denied.

Exclusions within the contract language


Many businesses rely on third parties to provide a variety of services, such as payroll processing, cloud hosting and teleconferencing.

Similarly, those that generate revenue in the business-to-business space have other companies as their clients. Whether their role is as a customer or a vendor, these relationships have the potential to send the policyholder into a situation where their coverage doesn’t follow.

A claim related to an exposure that occurred while sharing data with vendors, for example, may not be covered. System connections to a client’s network might fall outside the scope of the policyholder’s plan. Even the method of exposure could prompt a claim to be denied. Fraudulent entry into one area of the network may be covered, while a compromise in other areas or through specific systems is excluded.

To avoid an unexpected claims denial, it’s vital that policyholders review all contracts they enter into with vendors and clients alike.

This step will ensure their cyber policy will provide coverage to the extent they are agreeing to in their contracts. Is the information stored outside the organization’s network included in the policy? Will externally generated data be covered if a breach occurs within the policyholder’s system? It’s common to assume that a claim for either of these scenarios would be approved, but that may not be the case. Understanding limitations and exclusions of the policy is key to a successful claim.

Not involving the carrier early enough


Producers and policyholders have a great resource available to them in the form of the carrier, and when in doubt, claims — even those involving questions or uncertainty — should be reported as quickly as possible.

This allows the carrier to investigate and determine if there is any exposure.

Policyholders will then have the concrete information they need to know they are not taking on undue risks. When clients wait to notify the insurer, there are more likely to be potential showstoppers that result in the denial of a claim.

Joe Salpietro is cyber claims manager at cyber security company IDT911 in Providence, R.I.
