MPR Underwriting

Cyber events and the importance of incident response


Insight

Cyber

    Back in 2012 the then director of the FBI, Robert Mueller, used the famous phrase “There are only two types of companies; those that have been hacked and those that will be…”. Whilst the comment raised a few eyebrows at the time, just five years later it is no longer surprising when a cyber event happens to, or within, an organisation. The true test now is, arguably, not whether an event can be defended against, or what the immediate damage is, but the way in which the event is responded to.

    So we are no longer talking about ‘if’ and ‘when’; it is a case of ‘how’: how will an organisation deal with a situation?

    The first 48 hours following a cyber event are crucial. This is the period where the incident response and subsequent decisions can have the biggest impact on any organisation. Slow or poor handling can have catastrophic implications and leave a reputation in tatters.

    As Robert Mueller would attest, cyber threats are not new and organisations can have few excuses not to identify and mitigate the risk. However, most of this focus has been on defence as the major priority: if an attack can be prevented in the first place, then this should remove the problem. But threats in the cyber world evolve incredibly quickly, at a time when more and more businesses are dependent on technology to operate and function. So there is now a recognition that heavier importance should be given to rapid response and recovery if the worst happens.

    Most cyber policies should reimburse an organisation for costs and liabilities incurred in dealing with the fallout of a cyber event. But a good insurance product should do much more than that. Significant importance needs to be attached to the stages of incident response and the assistance provided. Immediacy of action and having the correct experts involved in those first few hours is crucial – this phase might not end up as the largest financial part of the claim for the insurer, but it could be the costliest part to the insured if done incorrectly.

    It is also not just about checking what 1st party costs are covered by a policy; it’s about understanding how implementation occurs. Can one phone call from the insured give access to an incident response team dedicated to the process? Are they able to speak to a specialist lawyer within one hour of the event, under the protection of legal privilege, to help understand what has happened and what needs to be done, to assess the circumstances, deal with the immediate concerns and decide on the suitable next steps? This could require calling on experts in forensics, foreign privacy law, PR, notification and credit monitoring, crisis management, ID theft and extortion, or ensuring any regulatory requirements are met (particularly relevant with the implementation of the UK Data Bill, in line with the General Data Protection Regulation coming into force in 2018).

    Most organisations will not have this type of resource in-house, nor know where to find it in a time of crisis. A proactive insurer who can offer this can therefore be vital. It is also important to note that any longer-term consequences (for example, 3rd party claims, mass actions, regulator fines, business income loss and reputation damage) are all heavily mitigated or influenced by the immediate evaluation, action and handling of the short-term crisis. It’s mutually beneficial for both insured and insurer to have this speed and expertise available – there is no catch.

    So, when looking at cyber events and the risk involved, that shift in mitigation mind-set from defence to response is enormously important. As Warren Buffett said after 9/11, when he’d failed to fully mitigate the risk he’d foreseen in his business: “I violated the ‘Noah rule’: Predicting rain doesn’t count; building arks does”.

    Written by Tim Jones
