Cyber Security Risks May Result In Denial Of Cyber Insurance Claims
Download MP3This is a big wake up call for companies that have or want to get cyber liability insurance So part of what will be required of you as an insured as a company . Is that if they give you cyber insurance or cyber liability protection insurance , you're going to have to follow certain guidelines of keeping your . system updated using proper procedures They're going to give you some requirements . Of what your company has to do . To keep that coverage . And the very serious about it Here's an example of where a claim was denied or the insurance company is trying to deny the insurance contract . because . the insured didn't follow . Basic practices of protecting their system and they had a loss , they had a claim where they were a subject of a hack . And they lost money and they put in a claim and the insurance company said well , you didn't follow our requirements And one of the requirements was MFA Multi-factor authentication So that's the system as you probably already know when you go to login . To a bank let's say they send you a text message with a code number that you have to put in in order to get in it's multifactor authentication not just a password . You have to also have to put in a code number . And . The company said in their application , we have that we will use it It's enabled in our system , but it turns out that they didn't use . The company the multi-factor authentication So because of that , the insurance company . Is rescinding the policy . Or trying to rescind the policy . Because allegedly . The company . Didn't do what they said they were doing . So what they're asking the court . Is to say undo the policy We would not have issued the policy at all . If we knew that the company was not using multi-factor authentication as it said , So the company said in their application , we're using 2FA or MFA whatever you want to call it . And their cyber application policy signed by the CA CEO and another person . Said that the company used MFA for administrative and privileged access . They sign the application saying that . However following the ransomware event . The insurance company travelers learn during investigation that the company . wasn't using that . On a server . Only use MFA to protect a firewall and did not use it to protect other assets . So this is loophole You might call it Well this is insurance company trying to weasel out of a claim , trying to escape pain claim which maybe that's true . But if you make a representation on an insurance contract you have to bide by the bigger takeaway is If you have a cyber liability policy and the company tells you , here's the things that you need to do to protect yourself go ahead and do them
Who knows how they . been using multifactor authentication ? They might've not had the loss in the first place and they wouldn't have to put in a claim and worry about it getting rejected . So why not use it It's a very simple thing to do . Is it inconvenient to have to type in a password every time Sure It is right . But it would keep you from having the ransomware event in the first place . And it would keep you from having to fight with your insurance company . If you use it , like any other statement , anything you put on your application is presumed to be true And if you put down we're doing this and you don't it's called a misrepresentation omission or consume in a fax . all of which material affect the acceptance of risk . So before the insurance company says we'll take on your , your insurance will take on your risk . They're gonna use do your statements as representations of what their risk is . And this event happened in 2020 This is two years ago almost a year and a half ago . And hackers gained access to the username and password of the administrator . And they were able to log in because there was no multi-factor authentication travelers wants the court to declare the insurance contract . null and void . rescind the policy and declare has no duty . To pay the claim . What are your thoughts on this If you're an insurance company . If you are an insured . If you are . A company that has coverage or not . Tell us what you think about this event happening ? And how would you handle it if you were a company ? Make sure that you . Get good Descriptions of what your requirements are from your insurer . Before you take on any kind of insurance much less cyber liability .