April 25, 2019

Cyber Insurance Easter Eggs – WST

Did you hear about the woman who was recently awarded $10,000 for reading the fine print on her travel insurance policy?  We can’t promise you the same, but there may* be some rewarding information in your own cyber insurance policies that we often encounter during IT Audit document reviews and have the opportunity to share with our clients.

  • Incident Response Services.  This benefit is often vaguely stated, but occasionally detailed.  Your insurance company may provide a preferred third party for incident response activities AND include pre-paid or reimbursable time for you to use their services.  If you find this egg, be sure to integrate it into your Incident Response Plan!
  • Policies and Training.  Several policies we’ve seen entitle the insured to access portals that contain Information Security-related policy templates, end-user training materials, and even deeper technical training for the nerds!
  • Coaching.  When stuff hits the fan, who’s got the coolest head in the room? Is your Incident Response Plan reading like a jumbled mess of words?  Your policy may provide some relief through incident coaching before and during an incident.  Many insurers require that an introduction with coaching staff take place before an incident, so be sure to read through the details.

Your cyber insurance policy may also have some other Easter eggs that may not bring a smile to your face.  Some common ones:

  • Callback minimums.  Some policies, regardless of origination or authentication methods used, explicitly require financial institution staff to perform callback verifications for monetary wires, ACH, and other transfers.  Typically, this requirement is accompanied by a minimum dollar amount.  Be sure that your Wire, ACH, and other transfer-related policies reflect callback procedures that align with your cyber insurance policy.
  • Log minimums.  Many policies base claim eligibility on an insured’s ability to produce forensic evidence, usually in the form of logs.  Some policies cite minimum retentions and expected systems where logs must be collected.  Are you confident in your own log retention, and does it align with your cyber insurance policy?
  • Forensic examiner coverage.  With increasing frequency, some insurers will only provide coverage if the insured uses a forensic examiner the insurance carrier has recommended or provided.
  • Cyber-extortion coverage.  Another “surprise!” you may find in your declaration pages is that you are not covered for ransomware or other cyber-extortion events.  Carriers are starting to drop it from some policies.

*Interpretation of your insurance policies should be done with the assistance of insurance or legal professionals.  We are neither.
