Why Cyber Insurance Claims Are Paid, Yet Businesses Still Doubt

Why Cyber Insurance Claims Are Paid, Yet Businesses Still Doubt

The Perception of Cyber Insurance Claims

There’s a road in my town that’s widely regarded as a speed trap. We all know drivers who say they were unfairly stopped and ticketed on it. I’ve never been and, come to think of it, neither has anyone I talk to about it.  Maybe it’s because we live in town and “everyone knows” about the trap.

Insurance Image

The Reality of Cyber Insurance Claims

The example on everyone’s lips when this topic comes up is Mondelez International, the food and beverage giant hit by the NotPetya ransomware attack in 2017. Mondelez incurred losses exceeding $100 million, and its insurer denied coverage based on a war exclusion.

Insurance Image

Bridging the Perception-Reality Gap

Cyber is a relatively new, evolving risk. Insurers manage their exposures, in part, by setting coverage limits and excluding events they don’t want to insure. Indeed, in a recent survey by J.D. Power and the Insurance Information Institute, small-business owners named “too many exclusions” among the top reasons they don’t buy cyber coverage.

Insurance Image

If insurers want businesses to buy cyber policies and not be hit with unpleasant surprises at claims time, they need to be aggressively transparent about what’s included and excluded. Relegating this to fine print is not a good strategy.

Brokers and agents need to educate themselves about their clients’ needs and be fastidious in aligning coverage recommendations with those needs.

And insurance buyers – those with most at stake – need to understand cyber perils and insurance. For example, insurers require a cyber hygiene self-assessment from applicants. If, after an incident, that assessment proves inaccurate – say, if encryption practices were misrepresented – coverage can be denied.

Insurance isn’t a replacement for cyber diligence. But it can complement it as part of a well-planned risk management program.

In conclusion, while cyber insurance claims are indeed paid, the perception that they are not is largely due to misunderstandings and exclusions in policies. To bridge this gap, insurers, brokers, and buyers all need to take responsibility for better understanding and communicating the realities of cyber insurance.