Post Attack: Tapping Your Cyber & Data Breach Insurance

While having insurance allows for a sigh of some relief in a worst-case scenario, there is no pleasure in tapping into coverage. Using insurance of any kind means something bad happened. 

Like any other form of coverage, cyber insurance is something an organization would rather have and not need than need and not have. In cases of using cyber and data breach insurance, an organization has fallen victim to a hacker gaining access to its networks and private data. 

Though post-cyberattack conversations are the last thing anyone wants to have, they are a necessity to move forward in the recovery process. By coming to the table prepared, those hard conversations are a little easier and streamline the initial stages of getting back to pre-breach business as usual. 


Talking With Your Cyber & Data Breach Insurance Provider Post-Breach 

After a cybersecurity or data privacy breach, one of your first steps is to execute upon your breach response and notification plan. The sooner you start, the sooner you can start filing an insurance claim. 

For your data breach insurance provider to effectively help your organization, they need as much information as possible from the onset. Key details to share in the immediate aftermath of a breach include: 

  1. When the breach was discovered 
  2. How the breach was discovered – did a member of your team or a client alert your organization or did a component of your cyber defenses? 
  3. The immediate impact of the breach on your organization – is it limited to data or are operations affected? 
  4. The extent of any known data loss, including what data was taken and how much 
  5. Who any data loss is reportable to – do you need to notify regulators, clients, customers, or employees?
  6. What type of help your organization needs — breach coach, crisis communications, forensics, negotiators, identity theft protection, etc.; 
  7. Whether law enforcement is has been notified and if they’ll need to be involved 
  8. Any communications with a threat actor to this point


Whether you are an organization’s general counsel, CISO, risk management professional, or member of its IT team, there are some important questions you should ask your insurer to move forward in starting the claims process:  

  1. What additional information does the insurer require?
  2. Are there any deadlines to be aware of?
  3. What services are provided according to your organization’s policy (think: breach coach, crisis communications, data forensics)? 
  4. Is your organization allowed to choose its own post-breach service providers? 
  5. Are there limitations on the policy for certain workstreams?
  6. Who do firms referred by the insurer report provide reports to? Is it the insurer or your organization? do they work directly and exclusively for us?
  7. Is there anything we should not do that would jeopardize a claim?

What You Should Know About Applying for & Keeping Cyber Insurance

Download our free e-book, “A Compendium for Obtaining & Retaining Cyber Insurance.”


Talking With a Data & Cybersecurity Consultant After a Breach 

As with cyber insurance, having a data and cybersecurity partner on hand is invaluable after a breach. Their work after a breach occurs can help an organization circumvent becoming a victim a second time. 

Like an insurer, a data and cybersecurity partner will want to know as much as possible about the incident. You should expect to be asked: 

  1. What is the status of the attack – is it still in progress, contained, or over?
  2. How did the attack happen?
  3. How did your team respond to the attack? 
  4. What have you done to start the recovery process – has your organization taken corrective action and if so, what?
  5. Are there any immediate weaknesses that you’ve identified in your defenses, and if so, what are they? 
  6. What cyber and data security defenses did your organization have in place before the attack?
  7. Has your organization ever had an external & internal penetration test
  8. Has your team ever run tabletop exercises or completed any practice drills for a breach?


Similar to speaking with your organization’s cyber insurance provider after a breach, you should have questions ready for a cyber and data security consultant. Generally speaking, your checklist of questions should include: 

  1. What additional information is needed? 
  2. What post-breach services does the consultant provide?
  3. How soon can work start? 
  4. What do our short-term and long-term engagements look like?
  5. Who is the main point of contact?
  6. What is the payment for services schedule?
  7. Does the firm provide cybersecurity and data handling training? 
  8. What reports or documentation will be delivered? 


The #1 Takeaway From a Breach

The last thing any organization wants is to find out its cyber defenses were subverted and its data was compromised. Breaches cause a host of problems and start an organization on a long road to fully recover

For any organization that has become an adversary’s latest victim, a breach should underscore the importance of being prepared. In an overall cybersecurity and data privacy strategy, robust and always-on defenses are only one, albeit critical, component. Having the mechanisms in place to respond to a network intrusion can mean the difference in a successful recovery. 

The most effective breach recovery measures – such as a cyber incident response plan – are developed by an organization in concert with a cybersecurity partner. Whether they are a member of your team or from a cybersecurity consulting service, a cybersecurity partner has the expertise to create a breach response roadmap that expedites 

From a cyber insurance perspective, having breach recovery mechanisms in place is a requirement for most policies. Without an incident response plan or other measures ready, some insurers may deny claims or stop covering an organization


Moving Forward From a Breach 

With adequate preparations, a breach in cybersecurity and data privacy is not the end of the world for an organization. Though a successful cyberattack presents a host of challenges, having the resources for recovery available (cyber insurance and a cybersecurity partner) makes the process less painful. 

Whether your organization is using its cyber insurance policy or working with a cybersecurity partner, getting the most from either means asking the right questions and having honest conversations

Is Your Organization Prepared to Respond to a Breach? 

Speak to one of our experts today about your post-breach recovery mechanisms.