Cyberattacks Can Have a Life-Altering Impact. Here Are a Few Tips for Managing a Large Claim
When business leaders think of an event that could threaten the life of their business, their minds might drift toward natural catastrophes or recessions. Some might point to a global pandemic as a major threat after the lessons of the past few years.
Experts say cyberattacks, too, should rank among a business’ top concerns. The financial ramifications and the chaos caused by an attack can be just as devastating as any wildfire or hurricane.
“It’s a life-altering event for the individuals who have to deal with it at that organization,” said Carrie Campi, senior vice president for the North American claims group and head of professional lines claims, Allied World.
“At the moment that a ransomware event happens, you’ve lost your phones, you’ve lost your emails, you can’t communicate with other people within the company, you can’t communicate with your customers, there’s no website,” Campi continued.
“Everything just stops. And what do you do? … It’s catastrophic, it’s a crisis, and it’s something you, for the most part, aren’t prepared to deal with.”
The case of one hospital in Illinois proves just how devastating attacks can be. St. Margaret’s Health was pushed to financial ruin and had to shut down after a ransomware attack prevented hospital staff from submitting claims to insurers, Medicare or Medicaid for months, NBC News reported.
“It’s definitely something that can take a company down,” Campi said.
When an attack occurs, the way a company responds is decisive in mitigating the amount of damage a hacker can cause.
Preparing before the attack, building out a strong response team and working with a trusted carrier can help make this difficult event easier for companies to manage.
Preparing Your Company for an Attack
One of the best ways an insured can prepare for a cyberattack is to practice responding before an incident occurs.
Tools like cybersecurity training and phishing tests can help teach employees to catch and stop an attack from occurring. Tabletop exercises can help companies rehearse how they will respond in the event of an attack.
“You can say that you have a plan, but if you haven’t actually tried or practiced it, just having a plan in place may not actually work in that crisis moment,” Campi said.
Insureds sometimes hire vendors to conduct these trainings, but some insureds can access them through their primary cyber insurance carrier.
“A few cyber policies, including those offered by Allied World’s U.S. Cyber team, include access to risk management platforms at no additional charge. These proactive services typically include tabletop exercises to assess a client’s preparedness or scanning for vulnerabilities to see if their system is good,” Campi said.
“The platforms also may offer phishing simulations to test and train their workforce against social engineering threats.”
Additionally, insureds should work with their carrier to make sure they’re up to date on the latest threat trends in the cyber space, so that they can be prepared for new tactics.
After a dip in frequency and severity in 2022, ransomware attacks and payment amounts are once again on the rise.
The average ransomware payment increased to $1.5 million in 2023, almost doubling in cost compared to the previous year, the Guardian reported.
Part of the reason attacks and attack payments are increasing compared to 2022 is the fact that attackers are using new tactics to pressure companies into making payments.
In the past, ransomware attackers would just shut down a company’s system without exfiltrating its data. But as businesses improved their backups, hackers realized they needed to steal sensitive data and threaten to leak it in order to get paid.
“In my opinion, the threat actors started exfiltrating data because companies weren’t paying the ransoms as a result of viable backups,” Campi said.
Building a Trusted Breach Response Team
Another major part of preparing for a cyberattack is vetting a team of vendors the company will work with in the event of a breach. These vendors can help assess the extent of the attack, advise on any legal ramifications, and guide the impacted company through the proper response.
“You need to have experts to rely on,” Campi said.
“You should have a breach consultant – a law firm that works you through the breach. You should also have vendors that are going to help you figure out what’s going on with your computer system: who’s in, how did they get in, what information did they get, and how do you clean it to make it so that you are safely functional again?”
In the event of an attack, an insured will want to work with its carrier, a data breach consultant law firm and forensic vendors that can help it assess the extent of the attack.
It’s important to ensure each of these experts has extensive experience working in breach response. Some law firms might advertise cyber services, for instance, but they could mean drafting policies rather than breach response.
Carriers can help insureds vet vendors to make sure they have enough breach response experience.
“Unless they’re actually working cyber incidents day in and day out, they’re not familiar with the current threat actors. They’re not familiar with the cadence of an incident response,” Campi said.
Your Cyber Insurance Carrier: A Breach Response Quarterback
Perhaps the most essential part of a breach response team is the cyber insurance carrier. When an attack occurs, an insured will want to contact its carrier immediately, as it can help start the response process and initiate claims payments under the policy.
“That initial phone call to the insurance company should set all of that into motion,” Campi said.
If an insured hasn’t selected vendors like a forensic team or a breach consultant, its carrier will likely have a trusted team that it has worked with in the past to call upon.
Campi said claims results usually improve when an insured uses a carrier’s vendor recommendations.
“We are going to connect the insured to outside vendors who will assist them in trying to figure out exactly what they need to do,” Campi said.
“Even if you don’t have an incident response plan in place, where you have everything lined up as to who you’re going to work with, having the right carrier will help all of that fall into place and will get you rolling.”
An experienced cyber claims team can also offer insureds support, answering questions and guiding them through the claims process — whether it’s the initial incident response or litigation after a data leak.
“Allied World has experienced cyber claims analysts who are handling these claims,” Campi said.
“We are soup to nuts. We start at the very beginning of a breach and we go all the way through. Whether it ends up with third-party litigation, or with the regulators doing their investigation, one person will handle the matter from the very beginning all the way to the end.”