Malware can be devastating for companies, and worse, malware attacks are rising at an alarming rate. According to CrowdStrike’s 2020 report, 56% of respondents report their organization suffered a ransomware attack in the last 12 months. SonicWall reports that through September of 2021, they recorded 485 million ransomware attempts globally.
Are you insured? Now is the time to be. Due to the global increase in ransomware attacks, it’s no wonder insurers demand a more proactive approach from companies. Worst case? You don’t get reimbursed for your losses and resolution takes longer.
In this article, we share some tips on what you can do to ensure cyber insurance pays in the event of a claim, and what to do before and after an attack.
Before an Attack
1. Answer the Cyber Insurance Questionnaire Honestly
Sometimes people answer their cyber insurance questionnaire falsely to try to get a better insurance deal. But let’s be honest: it’s not worth the hassle you may end up creating.
In the event of an attack, the insurance company will deploy IT forensics specialists to verify the truthfulness of your answers. If you falsely answer one of the security questions, the cyber insurance company gets an easy way out.
2. Know What Your Ransomware Insurance Policy Covers and its Limits
Some insurance policies are better than others. You must review the extent of what your policy will cover in the case of a ransomware attack, because a ransomware event can often fall under, and trigger, other types of coverage.
For example, a ransomware insurance policy can also cover these areas:
- Data recovery. Ransomware attacks target your valuable company data. Reclaiming, recreating, decrypting, or restoring data comes at a cost.
- Business interruption. Even smaller-scale attacks can force your business out of operations. According to Statista, the average duration of downtime, as of Q3 of 2021, is 22 days.
- Dependent business interruption. If you suffer downtime due to an attack, chances are your suppliers, customers, or partners will suffer too.
That’s not all. Ransomware insurance policies may cover events like:
- Unlawfully accessing, disclosing, or selling data on your network
- Altering or destroying software, systems, or programs
- Transmitting a virus or malicious code on your network
- Impairing or restricting access
- Interfering with your website
- Phishing your customers
You also want to check the coverage limits for ransomware to verify if the policy will cover your real costs. Review the limits carefully. At a minimum, you want your ransomware insurance policy to cover extortion demands and loss in business revenue during downtime.
Lastly, ask how fast the insurer can respond and approve paying ransoms and other payments. Speed is of the essence. For your business security, you want to ensure they can help you quickly when it matters.
3. Have the Proper Measures to Avoid a Ransomware Attack
Insurers want to see you have a proactive cybersecurity approach, and they won’t issue a policy if your security is lacking. There are several ways to show a proactive approach, and each insurer has its own approach and requirements.
Most commonly, insurers will look at:
- Regular patches and updates. Ensure all your systems are patched and up to date, as weaknesses in software can be prime targets for ransomware exploits.
- Remote access restrictions. Use VPNs or other secure methods to remotely access company infrastructure.
- Multi-factor authentication. Verifying user identities with more than one method for sign-in is a great way to ensure that only authorized users can access your infrastructure and IT resources.
- Secure backups. Having backups is an integral part of cybersecurity—test them and make sure they work.
Insurers want to see that you have put measures and a plan in place to keep your company safe. If a ransomware attack occurs, you can show that you have complied.
4. Practice Your Playbook
When a breach happens, you must act quickly. The first 24 hours are the most crucial. A ransomware playbook allows you to follow a breach response plan that will tell your team what to do in case of a security event.
Practice makes perfect. Have your team review and practice the steps annually to ensure you can effectively follow through and execute your response plan.
After an Attack
1. Be Able to Produce Required Evidence of Compliance
Insurance only works if you have done everything you can at your end. To get support from your insurance company, you must show that you acted in compliance with their policy.
2. Meet the Deadlines
Check your insurance policy on how quickly you must notify them in case of a breach—and never miss that deadline. In the event of an attack, you want to make sure you get the most out of your policy.
The earlier you can contact your insurer for help, the more they can help resolve the emergency. Always contact your insurer immediately in case of an attack.
3. Engage a Professional Team to Represent You
Representation can pay for itself. Hire professionals to negotiate your payouts to ensure you get the most value from your insurance policy.
4. Fully Cooperate with What is Required
Naturally, insurance companies want to pay as little as possible. Don’t give them a reason to. Make sure you cooperate and comply with their demands. Be responsive, answer questions, and always work with them.
5. Watch Your Language when Communicating with the Insurance Company
Everything you say can be used against you in a court of law. Don’t use the term “breach” when you contact your insurance company. Say you have a security incident and that you are contacting them about your policy requirements.
Don’t guess what the issue might be in conversations with your insurer. Guesses might lead the insurer to think you’re non-compliant—possibly interfering with your case and payout.
Are You Protected from Ransomware Attacks?
Much like other insurance, getting paid in the event of a ransomware attack comes down to being compliant with the necessary precautions and requirements. It also requires you to meet deadlines and act quickly, as a delayed call may alter both the payout amount and the resolution.
With common sense and a solid playbook, you already have the proactive measures in place, even before an attack occurs; this will help ensure you get paid after a security incident. Remember, don’t guess, assume, or say anything that can jeopardize or change your case. Be sharp and cooperative.
