COVID-19: Next Steps For Your Cyber Insurance

Organisations face increased cyber challenges as COVID-19 continues to spread, with core activities often disrupted or needing to be adapted.

As organisations respond to urgent and changing business needs, it is vital that they continue to make cybersecurity a priority. One aspect of this is understanding the pandemic’s implications for cyber insurance.

Risk professionals should work with their insurance advisors to review carefully cyber insurance policy language. They should also refresh their awareness of all incident-response services available under their policies and how to make best use of them should an incident occur.

Policy Response

With many organisations already operating in crisis mode, incident-response services are more vital than ever. You should work with your cyber insurance advisor to ensure you understand:

• How to access your incident response coverage — do you need to call a hotline or report through your advisor?
• Is a pre-approved panel of forensic experts available to help investigate an incident? Is your information security team aware of this benefit?
• If you have a ransomware event, does your cyber policy include coverage for resolving it? Does your insurer provide access to a third party that can facilitate payment of a ransom quickly if required?
• Are there policy conditions you need to comply with to ensure coverage will apply? For example, is pre-approval required before you incur forensic costs?

Renewal Preparation

Insurers across all lines of business are concerned about the pandemic’s impact on the risks they insure and the losses they may face.

From a cyber insurance perspective, organisations should expect underwriters to look at overall business resilience in more detail to gauge how organisations are grappling with the expanded attack surfaces created by remote workforces and other users.  Underwriters will also want to review how increased dependence on technology may affect organisations’ ability to respond to disruption in their own operations as well as their extended supply chains. 

Organisations should anticipate questions from insurers on some or all of the following issues:

• Any expected financial impairment due to the pandemic that may affect investment in cybersecurity or technology.
• Working from home policies — be prepared to explain any relaxation of usual cybersecurity and privacy policies during these unprecedented times.
• Deployment and management of bring-your-own device versus company-owned devices, in particular mobile device management solutions.  
• Activation and mandates for employees and other users to utilize multi-factor authentication to access the organization’s systems.
• Methods of securing access via virtual private networks and other secure remote-access protocols, including:             
               -   Employee/user training on the use of public and home WiFi for business communications.
               -   Disabling of USB ports, thereby limiting the likelihood of data leakage in a home-working environment. 
               -   Guidance provided to employees/users regarding securing connections, the sharing of confidential information to personal devices, and/or proper use, storage, and disposal of printed confidential information.

• Any increased phishing training and/or similar cyber awareness activity.
• Establishment of a legally reviewed policy/procedure for personal data regarding employees or customers with COVID-19.
• Existence of a designated business continuity plan (BCP) for IT security. Is it being implemented now? And what is the effect on the organization of its critical suppliers’ and vendors’ BCPs?

The global Marsh Cyber practice is well-positioned to help you review your coverage in the context of your incident response plans, and to help you to prepare the right information in light of these changing or new requests from insurers.

For more information, email kelly.butler@marsh.com