2 Critical Cyber Insurance Issues All Companies Must Consider Now, Before an Incident!

There are two critical cyber insurance issues that every single company must understand right now, before they have an incident: 

  1. In today’s environment, every company has substantial cyber risk and every company needs cyber insurance. Period. Cyber insurance is not covered by typical business insurance and companies must have the right cyber insurance for their unique risks — this is not one-size-fits-all. As I say here, “if you don’t know you have the right cyber insurance, you probably don’t.”
  2. Many cyber insurance policies strictly limit which service providers can be used for incident response services. Effective incident response takes a team. Frequently used service providers in incident response are often cyber forensics, cybersecurity, incident response, public relations, breach logistics, forensic accounting, and of course, legal. If your company wants to use a service provider they know and trust, they must make sure and get them written into the policy or get a policy without such restrictions. It is much easier to do this while they are procuring insurance but, even if they already have it, they should still make the request as soon as possible — the time to sort this out is now, not after they have an incident.

How do you do this?

It is simple! The following is an example of an email that some of our clients have sent to their insurance broker to let them know that they wanted to work with our firm. You could send something similar to your broker, listing the vendors you would like to work with should you ever have a claim.

Dear [Insurance Broker]:

Our company has an existing relationship with Shawn Tuma and the Spencer Fane LLP law firm and they have been helping us with cyber risk related issues, including incident response planning and advising us on the need for cyber insurance. Please ensure that any cyber / privacy insurance policies that you obtain for us to evaluate will allow us to use them as an approved vendor for incident response services, should we ever need such services for a claim under the policy.

The Spencer Fane team does incident response “coach” work for several insurance carriers as approved panel counsel and can provide a list of such carriers upon request. They are very familiar with both the process of working with carriers and the standard engagement terms.

See the resources below for more explanation about these issues:

If you are interested in learning more about how cyber insurance and these two issues in particular impact incident response planning, watch the following video:

6 thoughts on “2 Critical Cyber Insurance Issues All Companies Must Consider Now, Before an Incident!

  1. Pingback: 2 Critical Cyber Insurance Issues All Companies Must Consider Now, Before an Incident! Mo – Ken Gilmour
  2. Pingback: Working From Home During COVID-19? Five Things You Should be Doing–But Probably Are Not–To Be More Cyber Secure (publication) – Business Cyber Risk
  3. Pingback: Shawn Tuma Provided Texas Bar Journal 2020 Cybersecurity & Data Privacy Update – Business Cyber Risk
  4. Pingback: Three Quick Steps to Help Prepare Your Business for Cyber Threats - Lexology
  5. Pingback: Cyber Insurance Fact vs Fiction (i.e., dispelling the myths!): #DtSR Podcast Episode 454 with Sean Scranton & Raf Los – Business Cyber Risk
  6. Pingback: Shawn Tuma Provided Texas Bar Journal 2021 Cybersecurity & Data Privacy Year in Review Update – Business Cyber Risk

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: