How claims can be the key to cybersecurity preparedness


Authored by Jeremy Gittler, Practice Leader and Head of Claims, Cyber & Technology, AXA XL

As cyber events escalate and target organizations of all sizes, many are turning to claims experts for help building a robust cybersecurity plan.

We all know that hackers are upping their game, as we have seen a huge spike in the number of ransomware attacks, including more sophisticated attacks. This includes hackers conducting reconnaissance on companies to determine which ones they can extract a higher ransom amount from.

What’s more, attacks are becoming more damaging. Historically, these were random attacks in which hackers would charge relatively small ransoms in order for companies to regain control of their systems and data. However, today’s cyber thief infiltrates the system, then gathers information and proprietary company data, including trade secrets, employee information, financial information and, at times, details of what cyber insurance the company might have. That information gives a cyber thief leverage to charge higher ransoms based on what company data has been compromised.

Additionally, our claims team at AXA XL is seeing another disturbing trend: cyber-attacks are starting to become twofold attacks. Hackers are demanding one ransom in exchange for decryption keys for your locked systems, and another for a promise not to publish or sell the information they stole from company systems. That is a new twist on the ransomware attack, and it is one that is increasing ransomware payouts as well as complicating system recovery.

Who is Vulnerable?

All organizations and industries are vulnerable to cyber-attacks. While large corporations are often targeted because of the potential payout and cybersecurity vulnerabilities, there is a significant rise in the number of smaller organizations that are being attacked. According to Verizon’s Data Breach Investigations Report, small businesses made up 43% of online attacks in 2019, and today’s remote work model has left countless businesses vulnerable to cyber-attacks.

For those organizations with poor cyber security, scant employee training, or inadequate or no incident response plan, the loss exposure could be exponential. Most often, these are entities without large budgets – the very organizations that would be most impacted by a cyber-attack.

The lack of budget is also playing against many smaller organizations. As cybercrime has ballooned over the last decade and certainly over the last few years, cyber insurance coverage has become more costly. Many smaller companies mistakenly view cyber insurance as an unnecessary cost, assuming cyber-attacks are more of a concern for larger entities.

Yet hackers see much appeal in targeting companies with lax cybersecurity measures. While the ransoms may be smaller than those demanded of larger corporations, the payouts can be devastating to a business.

How devastating? An organization can expect to pay out not only the cost of the ransom, but also the forensics investigation, the data recovery costs, and the business interruption costs. Business interruption alone is a huge factor in paying ransoms – often, a company will be forced to pay the ransom simply because not doing so could be the difference between a business halt for a few days or a shutdown for a few weeks.

Building Stronger Cyber Protection

Companies of all sizes should be doing what they can to put cyber insurance in place. However, because of the sizable increase in cyber events and the increased demand for cyber insurance, many smaller organizations are finding it difficult to afford coverage. With a dramatic rise in claims, carriers are restricting availability and policy capacity, and premiums are increasing.

For that reason, carriers are looking for companies that demonstrate a robust approach to cyber risk mitigation. Companies that demonstrate active cybersecurity plans and a company-wide approach to cyber safety will be a more appealing risk for those carriers.

It behoves the organization, then, to establish a sound cyber security prevention and response plan. Doing so has a number of advantages, including strengthening your company’s cyber preparedness and reducing your cyber risks, thus improving the appeal of your cyber risk portfolio to carriers.

Your company need look no further than your carrier’s claims team. A claims team can not only walk your organization through the claims process, but also help you understand some best practices to mitigate your cyber risk based on real-life scenarios they have encountered. The AXA XL claims team suggests companies start here:

Instil a cyber-focused culture - Start by making cybersecurity part of the company culture. Every employee should be actively participating in preventing cyber-attacks from hitting their mark. Make cybersecurity part of the company’s daily business operations.

Teach cybersecurity - Employees should be trained on how to spot phishing attempts and where to report any suspicious activity. Part of your training efforts should include what to do if an employee inadvertently clicks on a link or divulges proprietary information to hackers.

Find a great claims team - A solid claims team can be a huge asset when there is a claim. Having a relationship with the claims team ahead of any claim makes any future claim go more smoothly. Meet with the claims team and learn how their claims process works. Conduct tabletop scenarios that can clarify their response.

Especially in the immediate aftermath of a breach, a claims team can act as advisors on how to respond to ransom demands and can get a team of experts involved immediately. The claims team has a wealth of knowledge on the claims process, but also connections to the right people to help you through a cyber event.

Collaborate with your insurance carrier - An insurance carrier with a deep background in cybersecurity can assist your company in understanding where vulnerabilities may lie, and how to improve your cybersecurity measures from an insurance perspective.

Work with a carrier that has the experts in place to help you with both pre- and post-breach planning. An experienced carrier will spend time with your company at the outset, ensuring that you understand your risks and making suggestions on how to reduce those risks.

Maximize insurance coverage - Work with your claims team to understand where claims may be occurring historically, what potential claims are emerging, and what coverage options fit best with your risk portfolio. Talking with your claims team early and often can help your company stay ahead of risks and build a better insurance program to address any future incidents.

Cyber Readiness, Claims Style

In fact, organizations of all sizes can significantly improve their cyber risk exposure with these types of prevention strategies. Such preparation can help organizations enter the cyber insurance market, and possibly at a more affordable premium.

Yet the policy is just one facet of a sound cybersecurity mitigation strategy. The policy is as good as the claims team behind it. A good claims team will provide service beyond claim resolution. That includes having the expertise in place to help you lower your cyber exposures. By building a relationship with the claims team, your company will be well-positioned to prevent costly cyber events and will be in a stronger position should a claim occur.

