The reason for cyber verification checks by insurers and brokers
In the most recent cyber security survey, it showed 59% of medium sized businesses were made victim to a cyber attack in the 12 months prior to April 2023. For large businesses and large charities, this rises to 69%. Yet, when it comes to cyber hygiene, and protecting against unsophisticated threats, there has been a consistent decline. Only 70% have a password policy, 66% know they use a network firewall, 67% restrict admin rights, and only 31% perform software security updates within 14 days. These appalling cyber hygiene statistics are forcing insurers and brokers to be more vigilant around reminding clients to stay cyber alert.
2023 data breach statistics show approx. 2.39 million cases of cyber crime hit UK businesses. With this increased threat, brokers and insurers are all the more pressing on cyber risk awareness and cyber security. The way insurers and brokers understand the risk aversion a businesses is through a cyber verification check.
To learn more about a cyber verification check, we turned to Romero’s Claims Director, Stuart Dobbins.
Stuart boasts over 20 years’ experience managing a broad portfolio of large and complex losses for high-value clients. Stuart undertakes comprehensive claims reviews, helping businesses manage ongoing claims and identify trends. He gives us an indepth guide into cyber verification checks, and how businesses can be best prepared.
Cyber Verification Checks
Stuart Dobbins, Technical Claims Director:
With the prevalence of cyber attacks increasing across all industries, insurers are seeing more and more claims submitted in relation to losses arising from the same. These claims can be in the form of direct incursions into a business’s system, such as in the form of ‘ransomware’, wherein a cyber criminal locks a policyholder out of their own systems until a cryptocurrency payment is made; however they can also be in the form of the impersonation of customers, suppliers and even other members of staff within the company in an effort to encourage a payment to be made into a fraudster’s bank account.
Regardless of the method by which a loss is experienced, any insurance policy that may provide cover in response to this loss will stipulate a number of conditions and checks with which a policyholder will need to comply before a claim can be considered. These conditions are often in the form of requirements for the client to have certain processes in place before changing a supplier’s bank account information, or for multi-factor authentication (MFA) to be in place when utilising certain aspects of their system.
The obvious corollary to the above is that; should a policyholder fail to comply with these conditions, they may find that their claim is rejected or significantly reduced, depending on the remedies available to the insurers.
As such, it is therefore crucial that a policyholder reads and understands all appropriate conditions, as well as noting the serious consequences of their failure to comply with the same. In addition, the Statement of Fact or Proposal Form for the relevant policy may contain certain requirements relating to the acceptance of cover that will need to be demonstrated in the event of a claim.
Each client’s policy will have their own specific requirements and declarations, and it is therefore incumbent upon the policyholder to review the appropriate details so that they have the best possible chance of achieving a successful claim should the worst happen.
If you have any questions or concerns about conditions relating to your cyber or crime risks please do not hesitate to contact your Account Executive directly.