Preparing for Cyber Claims: Coverage, Readiness and Response Teams

Jon-Alec Parker (00:09):
Welcome to another episode of Imperium's Risk Brief. Today we are diving into cyber claims, specifically what you can do before a breach to be better prepared for a claim. I'm Jon-Alec Parker, a manager at Imperium, and I'm joined today by Senior Director Joseph Critelli, who is here to share critical strategies for building a proactive response plan. Joe, you ready to jump into some questions?

Joseph Critelli (00:29):
Sure, Jon. Let's go.

Jon-Alec Parker (00:31):
Alright, so first, what are the most prevalent types of cyber attacks?

Joseph Critelli (00:35):
Well, while phishing is technically the most common and prevalent type of cyber attack, ransomware is the attack which is seen to be most impactful on the insurance industry and creating an insurance claim.

Jon-Alec Parker (00:51):
What types of coverage are afforded by a cyber policy, and how do they differ from property policy?

Joseph Critelli (00:58):
The difference between cyber and property really are not that great. It's mostly in the technical language. There are two main insuring agreements in a cyber policy: first-party insuring agreements and third-party insuring agreements. Third party first, third-party insuring agreement covers your business's liability for any claim or claims brought against you by clients, customers or any other party who suffered damages due to a cyber incident originating from your operations. While a first-party insuring agreement covers the direct loss and recovery costs incurred by the policy holder, the business, following a cyber incident. These might include business interruption, data recovery and restoration, forensic investigations, consumer notification costs and cyber extortion payments, which would be that ransom payment.

Jon-Alec Parker (01:57):
And do most policies typically have both insuring agreements?

Joseph Critelli (02:01):
They do, they do. It all depends upon what the triggering factor is and what comes out. Third party does not seem to be as prevalent as first party in the response to remediate from first-party claims.

Jon-Alec Parker (02:15):
Gotcha. What can a business entity do to prepare for a cyber claim submission?

Joseph Critelli (02:21):
Wow. Tricky question. Preparing for a cyber claim versus preparing for a cyber attack is quite different. I'll just touch upon a cyber claim, not any of the technical aspects of how to prevent one. For starters, it's most important to know your coverage. What is covered? What types of costs and expenses might be reimbursable under the policy? Then, how much is covered? What is the policy limits or sub-limits? Do you have a total claim limit of one million dollars, $5 million, more or less? That's your first step, know your coverage. The next step really would be to assemble your team in advance. By assembling a team, you want to engage a knowledgeable broker who will assist you in the placement of your policy and having you have the most favorable terms and conditions and hopefully pricing to that policy. You also want to select breach counsel prior to the incident. An IT forensic team should be engaged and on standby, and of course have an independent forensic accounting team ready to assist you with the quantification, the analysis and to support your claim and the eventual proof of loss filing.

Jon-Alec Parker (03:36):
The team sounds like an important part there. What are your recommendations on assembling that team, and at what point would you involve them?

Joseph Critelli (03:43):
I always recommend that the different disciplines in your team be engaged following the binding of your policy. Except for the broker who is engaged prior to the binding of a policy, having a team in place can make things much more efficient and much more effective should the worst case scenario, a cyber claim, happen to you.

Jon-Alec Parker (04:05):
Does each piece of this team, do they have a specific role?

Joseph Critelli (04:09):
Sure, yes they do. Of course, as I mentioned, the broker will work with the risk management team and provide the various coverage options that may be available. They will also shop your coverage to the various insurance markets to obtain the best conditions and pricing. Now, the breach council is going to provide legal guidance during and after a cybersecurity incident. They will help organizations navigate complex legal and regulatory obligations that may arise from the cyber event. The IT forensic team involves collecting, preserving and analyzing digital evidence, which will determine the attacker's cause, scope and impact. They also help to identify the attackers, reconstruct events and gather information for remediation and possible future prevention of other attacks. Then lastly, the forensic accountant's role is to investigate the financial impact by analyzing financial records, calculating losses for the insurance claim and potential litigation and identifying any financial irregularities or fraud that occurred due to the breach.

Jon-Alec Parker (05:18):
Finally, what is Imperium's role in a cyber claim?

Joseph Critelli (05:22):
Imperium sits in that forensic accounting space, so we would assist the policy holder with understanding those costs and damages incurred that is afforded by the coverage. We would assist in documenting, analyzing and quantifying any and all losses associated with that cyber event. We would also assist the policy holder to navigate the claims process to make it as efficient and effective as possible to prepare and submit the eventual claim. Then, Imperium lastly would help in the settlement of the claim and in rare circumstances, dispute resolution should it arise.

Jon-Alec Parker (05:58):
Thanks, Joe. That's all the questions we had today. We appreciate you joining us on Imperium's Risk Brief. For more insights on cyber risk or to connect with me or another team member, visit us at ImperiumCG.com. Thank you.