Cyber insurance is a type of insurance that protects businesses from financial losses that can result from a cyberattack. While it’s an essential tool for businesses of all sizes, there are some facts you should be aware of before purchasing a policy.
Just because you have cyber insurance, it doesn’t mean you are guaranteed a payout in the event of an incident. This is because you may not have the correct coverage for certain types of cyberattacks or you might have fallen out of compliance with your policy’s security requirements. As a result, it is critical to carefully review your policy and ensure that your business is adequately protected.
Learn from the past
Here are three real-life examples of denied cyber insurance claims:
Cottage Health vs. Columbia Casualty
The issue stemmed from a data breach at Cottage Health System. They notified their cyber insurer, Columbia Casualty Company, and filed a claim for coverage.
However, Columbia Casualty sought a declaratory judgment against Cottage Health, claiming that they were not obligated to defend or compensate Cottage Health because the insured didn’t comply with the terms of their policy. According to Columbia Casualty, Cottage Health agreed to maintain specific minimum risk controls as a condition of their coverage, which they then failed to do.
This case reminds organizations of the importance of reading their cyber policy, understanding what it contains and adhering to its terms.