Three words of internet insurance policy every marketer should know

Given the rapid evolution of cyber solutions, including incident response and continuous services, it's no surprise that discussions about cyber insurance's role in protecting policyholders are changing.

Reflecting on what this means for consumers, James Burns (pictured), head of computing strategy at CFC emphasized the importance of focusing on insurance as a promise to pay and, increasingly, a promise to protect. There is still a lot of variation between different cyber insurance products, he said, and those differences can have a big impact on the timing of a lawsuit.

One – The difference between data acquisition and data recreation

Not all policies are created equal, and for consumers, the challenge is to distinguish between coverages that may seem very similar but are actually very different depending on how the policy is worded, or how the policy is structured. An example of this subtle nuance is the difference between data mining and data acquisition in online insurance policies. “That one different word completely changes the type of coverage available under the policy,” he said. “And I think it's something that retailers need to be aware of.”

Most cyber policies will include data recovery, which is often used when the insured has had their data or systems encrypted or compromised by a threat actor, usually through ransomware. Data recovery includes the cost of electronically reassembling that data to the point where it can be retrieved by computer. But what happens when data critical to a business's operational capabilities is not recoverable electronically?

“That's where data entertainment comes in,” he said. “Data recreation involves the cost of recreating that data set from scratch, often using outside experts to recreate the data sets in their previous state. Burns cited a recent example of this when a CFC-insured engineering firm was attacked by ransomware, which encrypted all data files on its servers and all data backed up on its local hard drives.

“They thought that they had been saving information on a cloud server, but when they went to restore those backups, they found that they had been failing for the past four years,” he said. Therefore, all the files related to all the projects and proposals they had at that time were completely unavailable. To add insult to injury, the threatening actor did not respond at all so paying the ransom was not an option for them; they were completely stuck, unable to continue serving their clients without accessing the files.”

The data recreation aspect of the client's policy means the engagement of external developers to assist the management team in recreating what was in those important business files. “Over a period of months, they have recovered almost everything that was lost to the value of around £200,000, which has been paid in full. But if the policy hadn't included that one word – recreation instead of just recovery – there's a good chance they couldn't do any of this and would be out of business.”

Two – why unlimited returns is a change for policyholders

Another important consideration includes unlimited cashback, which may not be readily apparent to sellers. “Most internet policies provide the policyholder with a single coverage limit. So, you buy an internet policy with a limit of £1 million, with £1 million liability, £1 million business interruption, £1 million liability and so on. But those limits are always below the £1 million policy total, so with each claim the policyholder clears that limit.

“So, if they have an incident that creates a £1 million claim, they have no money left over for any issues that may arise during their policy term. Unlimited return allows full return of certain limits to ensure that the policyholder is fully protected in the event of more than one incident during the policy period.”

Given the high frequency of computer attacks today and the costs involved, businesses face the prospect of more than one attack in a relatively short period of time. Unlimited recovery means that retailers can assure their clients that even if they suffer a devastating attack, their coverage will support them in any subsequent incidents. “It has returned to the nuance and how the words in the policy can change the way that policy works. And that can be easy for marketers to miss because they're not used to seeing the restrictions in internet policy work this way. “

Third – what are nil deductibles and why are they so important?

The third important area that sellers need to pay close attention to is that there are no deductibles. It is a consideration that is perhaps more important in the Internet than in other lines of business because the speed of response is so important in reducing the impact of an Internet incident. The sooner the coverage provider is alerted, the sooner they can engage their technical experts and first responders to assess, contain and remove the threat.

However, some businesses avoid contacting their online insurance companies immediately because they worry about large upfront costs in the form of excesses or deductibles, or worry about creating a claim for a small event that could increase their future premiums. So, rather than negotiating with their insurer about something that may seem trivial, they will wait and see how the situation develops and only notify them if it starts to look serious.

“But when it comes to cyberattacks, every second counts,” Burns said. “If you wait and see how the situation develops, by the time you notify your insurance provider, the situation could be worse and more expensive than if you just called immediately.”

He advised brokers to look for policy terms that provide quick response services where there are no deductibles. That nuance of the wording means that policyholders can notify their insurer if they suspect something is wrong, without the burden of paying for an initial response, without having a claim automatically triggered, and with access to an in-house expert team. Insurers should feel comfortable accessing the information of insurance brokers and depend on their services in their time of need. This approach is proven to lead to the best results – reputationally, financially and operationally for policyholders.

Cyber ​​products have evolved into more than just policy words, but policy words remain powerful – any business disruption argument reflects that. Sharing his key message to sellers, he asked them to take the time to understand exactly what the language used in the internet policy means, and rely on their insurance for support.

“Ask your insurance questions,” he said. “Give them the conditions and say, 'Is this covered under your policy? What does this word mean? How is fun different from recovery?' And make sure you really push them to give you answers. Because I think it's important for dealers who sell these products to really understand the level of coverage provided under them, or the coverage that may not be in the policy written in a certain way.”