Cyber Insurance Claims

A cyber insurance claim is a formal request insured companies file to receive assistance after a cybersecurity incident. Its main purpose is to provide businesses with the resources they need to respond, recover, and resume operations following an attack. As with any other policy, a cyber insurance claim correlates with the exact terms and specifications found in the insurance agreement.

In today’s digital world, cyber insurance is now a must-have for organizations, which face an ever-growing list of cyber risks and vulnerabilities. For example, threat actors can launch social engineering attacks, initiate funds transfer fraud, and commit business email compromise attacks, among myriad other attack methods.

While all businesses need to protect against cyber crime, organizations that collect sensitive data — including healthcare companies that store health information, businesses that manage credit card information and other PCI data, and organizations that process personally identifiable information (PII) — are perhaps the biggest targets.

When these attacks occur, insured businesses can file cyber insurance claims to recoup losses, minimize business interruption, and accelerate the recovery process.

The cyber threat landscape is always evolving, with threat actors constantly finding new ways to evade security teams and tools to access sensitive information.

With this in mind, one of the best things you can do to prevent attacks from impacting operations is to stay on top of current cyber crime trends. As of late, the most common cyber attacks leading to insurance claims include ransomware, business email compromise, and funds transfer fraud.

The three most common cyber attacks leading to an insurance claim include:

• Ransomware

• Business Email Compromise (BEC)

• Funds Transfer Fraud (FTF)

Ransomware

Ransomware is a form of malware that blocks access to a device or computer system. Threat actors use ransomware to lock devices and data until victims pay a ransom, often in bitcoin.

As we explain in a recent post, threat groups are now using ransomware-as-a-service solutions to streamline attacks and extort businesses. As such, ransomware remains a top threat in 2023 — and something all organizations need to actively monitor.

Business email compromise

Business email compromise (BEC) is a type of phishing scam that targets email systems. A BEC attack often contains malware attachments, as well as ransomware.

While BEC attacks aren’t a new problem, they are more dangerous than ever. Even with today’s advanced email filtering, phishing still accounts for over half of all cyber insurance claims.

Funds transfer fraud 

Funds transfer fraud (FTF) occurs when cyber criminals redirect online money transfers to collect payments themselves instead of having them go to the intended recipient. 

To execute an FTF attack, a fraudster may impersonate a vendor, bank, or company employee. This method of attack often involves sending a fake invoice or payment instructions to wire funds to the threat actor instead of the intended recipient.

Cyber incidents can be notoriously expensive due to the multitude of costs that come with discovery, investigation, and mitigation.

According to Coalition’s latest Claims Report, the average cost of a cyber liability insurance claim for a small business (less than $25 million in revenue) continues to average around $100,000.

Additionally, the Claims Report also outlined a 56% increase in the average claim cost for small businesses along with a sizable uptick in the overall frequency of attacks. What’s more, small businesses also experienced a 40% increase in ransomware attacks as well as a 54% increase in funds transfer fraud incidents.

For middle-market businesses with $100 million in revenue or more, average claims severity now hovers around $350,000. Add it all up, and no matter how big or small a business is, cyber crime can wreak havoc on the company’s pocketbook.

According to a recent World Economic Forum report, 93% of cyber leaders and 86% of cyber business leaders agree that a catastrophic cyber event is likely coming within the next two years.

As such, companies need to use this opportunity to make the necessary preparations that will enable them to withstand a significant security breach before it occurs. Unfortunately, delaying or avoiding cyber insurance could result in devastating financial and operational consequences.

With that in mind, let’s take a look at some real-world cyber insurance claims scenarios where businesses were able to recover from attacks quickly thanks to cyber insurance coverage.

Technology company recovers stolen funds after phishing incident

Recently, a technology company lost $200,000 during a social engineering incident when a threat actor sent a spoofed email pretending to come from the CFO to the organization’s controller. Upon receipt, the controller wired the funds to the threat actor before realizing the error. 

With Coalition’s help, the company successfully recovered $150,000 within 24 hours after reporting the incident. Even better, the company was able to recover the remainder of the lost funds thanks to its insurance policy.

IT services firm recovers from ransomware attack

An IT services firm discovered that all of its computer systems and customer data were encrypted in a massive ransomware attack — including its backups. 

The company contacted Coalition’s Security Incident Response (CIR) team, which went to work decrypting their files, restoring information, and performing forensics. Less than 48 hours later, the issue was resolved. 

Nonprofit shuts down BEC attack, recovers $1.3 million

A nonprofit institution for childhood education was hit with a devastating BEC attack, compromising the finance director’s email account. After months of research, the attacker was able to spoof the nonprofit’s domain and execute $1.3 million in illegal fund transfers.

The client engaged Coalition, which coordinated with law enforcement to prevent further payments from occurring. Coalition also took down the fraudulent domain and managed to recover almost all of the stolen funds.

Nonprofit detects FTF operation, avoids financial harm

In a separate incident, a different nonprofit discovered a cyber criminal using a spoofed landing page to redirect donation payments to a fraudulent Square account. Fortunately, the company didn’t lose any donations to the spoofed website. But since the business had coverage in place, it would have been able to recover any lost funds.

With Coalition’s help, the organization was able to identify and remediate numerous security vulnerabilities that enabled the threat actor to infiltrate its network — resulting in a stronger overall security posture.

Alcohol manufacturer restores operations after ransomware attack

An alcohol manufacturer lost access to a major industrial system due to a ransomware attack. As a result, operations were brought to a standstill and the business was exposed to potential property damage.

Through expert negotiations, Coalition reduced the ransom from $2.3 million to $609,000 — a $1.7 million difference. In addition, Coalition restored system access. And since the policyholder had the necessary endorsement, Coalition covered the cost of the interruption and repair.

Before shopping the cyber insurance market and selecting a plan, organizations need to have a firm understanding of the type of coverage they want. For example, in addition to data breach insurance, some businesses might be interested in ongoing credit monitoring services, crisis management support, and help with public relations.

After outlining requirements and finding plans that might work, they then need to scour each policy to ensure coverage is adequate and understand any insurance exclusions before making a decision. During this process, it’s a good idea to consider your business’s environment, risk level, and cybersecurity culture. 

Selecting a comprehensive plan is key for ensuring proper post-incident support and coverage. As such, it’s a good idea to round up your security, legal, and operations teams to analyze the policies you’re considering and get their input. 

At a high level, there are two cyber insurance policy types to know about: first-party and third-party coverage.

First-party cyber insurance coverage 

First-party coverage pays for out-of-pocket expenses that the organization itself incurs to recover from a loss, such as:

• The immediate costs associated with responding to a data breach

• Financial loss resulting from business downtime (e.g., insurance coverage may account for revenue loss due to network or application outages, operational failure, or product damage)

• Costs related to cyber extortion, including payments, negotiation expenses, and fees 

• System restoration and data recovery costs

• Post-breach training, recovery, and network monitoring

Third-party cyber insurance coverage 

Third-party coverage pays for any liabilities that stem from a cyber incident impacting a third party, including:

• Network and information security liability 

• Regulatory defense and penalties stemming from laws like the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA)

• Technology and media liability

• The cost of hiring an attorney to represent your company in court 

• Court-ordered damages

Cyber insurance can be a lifesaver for companies that experience security incidents because it provides essential services and support that help organizations recover and resume operations after they’re attacked. 

That said, cyber insurance doesn’t cover everything — and business leaders need to know where coverage typically ends. In most cases, cyber insurance policies won’t cover:

• Future lost profits unrelated to the cyber incident (e.g., missed opportunities or lost customers).

• Intellectual property loss.

• Compensation for employee turnover related to the cyber incident.

• Reputational harm stemming from information leaks like emails, text messages, and phone calls. 

Due to the fact cyber insurance has limitations, businesses need to take active measures to bolster their defenses and prevent incidents from occurring. This requires building a robust layered defense that encompasses the human layer, network perimeter, network security, endpoint security, application security, and data security. 

Always remember: a cyber insurance plan should complement a layered security strategy — not replace it.