Cybersecurity is a hot topic for companies, irrespective of the industry and size. Thus, many companies embrace cyber insurance to cushion themselves against the fallout from attacks. This type of insurance drastically reduces the risk of disruptions in the event of a cybersecurity incident. Companies benefit from the insurance as it provides critical cover for financial losses associated with dealing with the breach.
Sean Connery with Las Vegas IT services company Orbis Solutions says, “When applying for a cyber liability insurance policy, businesses can expect to fill complex application forms comprising dozens of pages. Unlike established insurance lines, insurers have not introduced a standard approach to the application process.”
Hence, the need for managed service providers (MSPs) to assist clients in dealing with difficult questions, material misrepresentations, and the adoption of basic controls. With a reputable MSP firm’s support, businesses will find the cyber insurance application process less daunting. Adequate preparation for the process makes it easier to take out the right level of insurance cover.
What to Expect From the Application Process
Finer details contained in cyber insurance contracts play a critical role in ensuring that all parties understand the scope of coverage. Incorrect details or vagueness creates serious problems when it comes to filing claims. Insurers use the information to ascertain an organization’s cyber risks.
Alexander Freund who offers IT support in Miami with 4it shares, “In most cases, insurers assess the client based on industry, IT infrastructure security, breach history, data backups, cybersecurity policies, and compliance with specific regulatory requirements. However, the application forms often include questions and other details capable of causing specific coverage problems.”
As a managed service provider, you need to familiarize yourself with potential issues that may affect your clients’ overall cyber insurance coverage. Here are vital aspects to consider.
Definitive Questions and Definitive Answers
Some questions on the cyber insurance application forms can be tricky to answer for companies. For instance, insurers may ask whether an organization is HIPAA compliant. This question presents problems when required to confirm with a true or false entry. IT experts agree that providing a logical answer is difficult because compliance is not a one-off event but a journey.
Hence, your clients may provide an inaccurate answer based on their compliance status at the time. The question is confusing in that applicants find it challenging to determine HIPAA compliance at the time of applying or throughout the year.
Given the question’s vagueness, it becomes tricky to understand how the policy treats any changes in an organization’s IT infrastructure security. As an experienced MSP, you need to help clients seek clarity on whether the insurer makes provisions for security or compliance status changes.
The provisions may apply to the questionnaire or policy conditions. In such cases, a company or you, as the MSP, may need to inform the insurer about the changes. In the end, these uncertainties can lead to insurers declining coverage.
Make the Broker or Underwriter Reconsider
As the managed service provider, your role is to ensure that clients obtain maximum coverage by eliminating vagueness and incorrect information from the policy contracts. Thus, you should assist by making the broker or underwriter rework some questions presented to companies during the cyber liability insurance application process.
The underwriter or agent must understand the consequences of faulty questions. You can also add an addendum, a paper-based note, or an email to the application documentation explaining the problems with the questionnaire. Doing so passes the buck onto the agent or underwriter to reconsider the wording.
On the other hand, you have the right to seek clarity if there are insurance terms you do not understand. Incompetence is common among insurance brokers and underwriters. In such cases, your role as the MSP is to present your client’s questions for onward transmission to the agent or underwriter.
Consider MSP Liability
During the application process, your job as a managed service provider is to ensure that your client enters correct information on the forms. To some extent, your client’s liability extends to you because a wrong recommendation undermines the ability to initiate a successful claim.
Misrepresentation can force the client to divert the claim to your IT firm’s insurance. This situation compromises your company’s reputation as the client may lose their insurance policy and the premiums. Also, carefully consider any additional information you recommend including in the application. Some unnecessary details may inflate the client’s cyber insurance premiums.
For this reason, avoid the temptation to make the client’s cyber risk profile look acceptable to the insurer. Instead, focus on including factual information as required by the policy. It is vital to obtain accurate and detailed information from the client to avoid entering inaccurate answers.
Various aspects of cybersecurity that many companies take for granted can impact negatively on their cyber insurance applications. Countless businesses fail to implement user awareness training or adopt comprehensive cybersecurity policies. These basic controls play a vital in lowering the premiums. In the end, honesty is king.
On another level, undergoing the cyber insurance application process can help companies identify vulnerabilities. Your IT firm should subsequently assist the client by taking appropriate steps to minimize security risk. Some insurers are willing to renegotiate the contract terms if your client’s security protocols and IT infrastructure setup improve.
Dan De Steno with Dental IT firm NOVA Computer Solutions (https://www.novacomputersolutions.com/dental-it/) reminds us, “when assisting clients in applying for cyber policy, ensure that key people participate in the process. Some key staff members who can help you submit accurate information include risk managers, privacy officers, HR managers, IT experts, financial officers, and the board of directors.”