Companies are under more pressure to shore up cybersecurity defenses than ever. The average total cost of data breaches has increased from $3.86 million in 2020 to $4.24 million. This coincided with 10.7 times more ransomware activity in the last year. Insurance providers have recognized the increased risk of cyber-attacks and now require additional protections from their clients before approving cyber liability coverage. Unfortunately, the increased need for cyber insurance coverage has increased the likelihood of cyber insurance fraud.
Read this blog to learn how companies can best protect themselves and submit insurance applications without—intentionally or unintentionally—committing cyber insurance fraud.
The current landscape
The shift toward remote workforces has caused companies to embrace cloud services and remote working capabilities. With many companies new to digital transformation, the rapid transition may have left doors open for malicious attacks.
Now companies are looking to modernize their networks further by beefing up security. One method is through multi-factor authentication (MFA), requiring two or more verification factors, including:
- Known information
- Inherent/biological traits
- Possessions
Insurers now require advanced security technology
Insurance providers have begun scrutinizing their clients’ systems more closely, evaluating their solutions and strategies to ensure they aren’t at risk of cyber-attacks. MFA isn’t new, but it is increasingly part of the questions insurers ask prospective clients before offering cyber insurance.
Luckily, there is plenty of evidence to suggest that MFA works to protect against cybercrimes like phishing, extortion, and keystroke logging. Passwords alone are no longer enough, as they are easily hacked. But once MFA is implemented, even an SMS code sent to a phone can be enough to stop targeted attacks, bulk phishing attacks, and automated bots.
Also read: Prevent fake emails, social engineering, and fraudulent transfer business scams
Cyber insurance fraud: what is the risk?
For many companies, implementing MFA can be a complex and costly process. As a result, some companies may choose to omit information about the full extent of their network when contacting insurance providers.
Unfortunately, due to oversights during the cyber insurance application process, International Control Services (ICS) gives us an example of what can go wrong. The company suffered a cyberattack in May, costing millions of dollars and resulting in a class action lawsuit served by its own clients. Then, the situation worsened when ICS’s cyber insurance provider filed to nullify its policy.
An investigation from the provider revealed that ICS had allegedly only used MFA to protect its firewall and hadn’t implemented it to protect other digital assets as per the contract with the provider. The unfortunate result was that ICS was not just hit by a costly cyberattack that angered its clients; it also compromised its insurance coverage by committing cyber insurance fraud.
Also read: Russian cyber threats: Is your business at risk?
What can you do to avoid fraud?
The ICS case has the potential to affect the overall insurance fraud landscape. As the case evolves, it may set a precedent for insurance companies to deny claims based on representation. However, it can also help companies better identify where they are coming up short in their network security and allow them to shore up defenses.
The thorough application process requires attention to detail and lots of planning. Here are a few ways your company can
- Be completely factual in your insurance application. Providers evaluate applications thoroughly, and if they find any inaccuracy, they will act upon it immediately.
- Understand the policy requirements. Reading the fine print is critical because crucial information can easily be overlooked and invalidate an application.
- Understand your network. Claim denials are not just caused by misrepresentation but also by ignorance. Wrong answers in the application can invalidate it or leave gaps in coverage, which is easy to do when forms are increasingly technical.
- Enlist help from security experts. IT teams are often busy managing the company’s technology. Seeking outside help from security experts can ensure a company can meet insurance compliance goals without causing stress to the team.
Also read: Best practices to protect your accounting firm against ransomware
Moving forward
As the ICS case progresses, many companies will likely be worried about receiving claim denials of their own. However, honest applications and adequately prepared networks will help satisfy your insurer’s requirements and minimize the possibility of accidentally committing cyber insurance fraud.
McGowan PRO has decades of experience providing various industries with professional liability and errors and omissions policies. We prioritize ensuring our clients have the protections they need to focus on growing and optimizing their businesses. McGowan PRO’s Information Security & Data Privacy Liability Insurance will help you protect sensitive client information.
Contact us to find the right policy for your company’s needs.