By Joe SalpietroHelping clients get the most out of their cyber coverage means making sure they get their claims covered when a breach or security event occurs. By understanding the most common reasons cyber claims are likely to be denied, agents and brokers will be better prepared to help policyholders get their claims successfully resolved.
1. Late or improper notification
The most common reason carriers deny cyber claims is late notice. Unless the policy has specific language that allows claims for a period of time after the policy ends (usually limited to just a few months at most), then notification during the policy period is key to getting these claims approved. In addition, notice of any occurrence that could lead to a claim also must be made to the carrier in a timely and appropriate manner.
Make clients acutely aware of the need for timely notification of any potential claims activity. That will allow them to establish workable protocols internally. For example, a claim could be jeopardized if IT were to delay alerting a risk management contact.
2. Lack of understanding on coverages
It’s crucial that policyholders understand which coverages they need and which they actually have because cyber liability policies don’t all cover the same types of losses. Agents and brokers should work with each client to ensure they’ve been matched with a policy that covers those types of exposures they’re most likely to encounter. This may be dependent on a variety of risk factors, including industry, type of business (online versus brick-and-mortar, etc.) and type of technology or data assets that must be protected. Policyholders also should be aware of their responsibilities under the coverage they’ve selected. This may include applying security patches, utilizing encryption technology or other measures. If the organization isn’t in compliance with these mandates, their claim could be denied by the insurer.
3. Exclusions within the contract language
To avoid an unexpected claims denial, it’s vital that policyholders review all contracts they enter into with vendors and clients alike. This step will ensure their cyber policy will provide coverage to the extent they are agreeing to in their contracts. Is the information stored outside the organization’s network included in the policy? Will externally generated data be covered if a breach occurs within the policyholder’s system? It’s common to assume that a claim for either of these scenarios would be approved, but that may not be the case. Understanding limitations and exclusions of the policy is key to a successful claim.
4. Not involving the carrier early enough
When in doubt, claims—even those involving questions or uncertainty—should be reported as quickly as possible. This gives carriers time to investigate and determine if there are any exposures. When clients wait to notify the insurer, there are more likely to be potential showstoppers that result in the denial of a claim.