Way back in 2007, my team at another carrier put together a cutting edge cyber event response package to support our new cyber insurance program. The package would deliver a 24-hour crisis response support team for a pre-negotiated package fee of $10,000. The policyholder is then charged a discounted rate for all work performed by the vendor to resolve the cyber crisis event.
We were proud of this solution until we found out it didn’t work for a client. An incident was reported and the claim subsequently withdrawn by the insured due to concern over significant and rapid accumulation of expenses. The policyholder simply wasn’t willing or able to cover the costs and this took us all by surprise. The lesson was, regardless of the nature of the event or size of the company, affordability is always a crucial factor.
A cyber event is not something that any business expects, let alone budgets for. These attacks can easily deliver a six-figure punch in a matter of hours, leading to a unique problem: a cyber credit crunch. The crunch comes in the form of retainers that could buy a nice German sports car, plus specialist fees that clock in at roughly $500 an hour.
In Q2 2020, the average ransom demand for Coalition’s policyholders was $338,669 — a staggering 47% increase over the first quarter. These expenses can be crushing, even in the best of economic times, given the swift and pricey nature.
“The average cost of ransomware attack reached $338,669 in Q2 2020 – a staggering 47% increase over the first quarter” - Coalition's H1 2020 Cyber Insurance Claims Report
Many businesses seek to transfer some of this operational risk through the purchase of a cyber insurance policy. However, many of these policies miss the mark. Coverages are frequently delivered in an ‘indemnify’ format, which can force an insured to shoulder significant expense without the confidence of making a full recovery.
In insurance language, ‘indemnify’ is where an insurance carrier agrees to pay for covered expenses incurred by the policyholder. For small businesses, this is simply not a realistic solution to solve their cyber risk. This small policy detail can make a huge difference to a person whose whole world has been upended by a cyber event.
Our mission at Coalition is to ‘Solve Cyber Risk.’ This isn’t just a catchy phrase or motto chanted at company meetings. It is the basis of everything we do every day.
Our policy form was built to deliver “pay on behalf” coverage with a duty to defend our insured. What does this mean? It means we tender all payments due and take on the obligations of engagement with all vendors and specialists called on to mitigate the covered cyber event.
It is important to note that many cyber policies in the wild often sprinkle “pay on behalf” in a few places in their policy, but leave out important insuring elements including breach response costs or cyber extortion. Our program and belief is that the costs and expenses arising to respond and mitigate a cyber event demands the comprehensive “pay on behalf” format.
We've gone further to solve cyber risk and eliminate the credit crunch. We went out and found leading forensic and legal talent and brought their experience in-house, creating a leading claims incident response team. We have removed massive retainers and out-of-control vendor bills from the cyber response picture. Our team has the authority, expertise, and experience to take action immediately. This drastically reduces costs and potential time lag in response to attacks.
Cracking the cyber credit crunch takes more than creative insurance policy language or security products and services. It took me over ten years (and a few stumbles) to finally figure it out. I joined a team that bundled the insurance product, cyber response professionals, and the checkbook to cover cyber expenses.
This is truly the breakthrough the industry needed. Contact our team if you have questions about how to best avoid the cyber credit crunch.