Question: I bought cyber insurance, but I still worry. If I experience a breach or other security incident, how will the cyber insurance company be likely to weasel out of paying my claim?
Jeff Wichman, practice director, enterprise incident management at Optiv: In most cases, your cyber insurance company isn’t going to weasel out of paying a claim. My advice is to be prepared!
Your provider is going to have a specific process/requirement for engaging with them and outside resources for an incident. Follow that process, and take these steps to be better prepared:
- Validate with your provider that your preferred partner is approved as either an on-panel or off-panel firm you can work with.
- Update your incident response plan to include when and how to engage with your claim process. Now is the time to start building that into your documents.
- Test, test, test your incident response processes using an applicable scenario-based exercise with your trusted third party. This can help you identify gaps in your efforts.
Do you have questions you'd like answered? Send them to [email protected].
- Any Advice for Assessing Third-Party Risk?
- What are the First Signs of a Cloud Data Leak?
- 5 Things to Know About Cyber Insurance
- Akamai 2019 State of the Internet Report / Security: Financial Services Attack Economy