MPR Underwriting
MPR Underwriting
  • About
  • Team
  • Products
  • Insights
  • Resources
  • Contact
  • About
  • Team
  • Products
  • Insights
  • Resources
  • Contact
  • Linked in
  • Twitter
  • Data protection and privacy notice
  • Cookie Policy

Cyber Insurance – a ‘Potential’ Difference

  • Home
  • Insights
  • Cyber Insurance – a ‘Potential’ Difference

Insight

Cyber

    Discussions about cyber insurance policy cover and sales techniques have intensified recently, but the narrative can be high level and lacking in any real-life context. Often the best way to understand how much finesse a policy has, and the difference that one word can make, is to look to an actual example.

    In this case, it was the use of the word ‘potential’when defining a cyber event. We’ve mentioned it before in our MPR top 5 tips – overlooked features and it might not seem like much, but given the immediacy of incident response requirements, it played a very important role.

    Consider the following sequence of events:

    A cyber-criminal impersonates an organisation by creating a variant website domain name and sending a phishing email to a member of the public, purporting to be from that organisation, in an attempt to defraud them. The member of the public spots the fraudulent attempt and contacts the organisation to warn them. Although there might not appear to be a typical cyber event/breach (and no financial loss, extortion attempt, system damage or business interruption) the organisation is understandably concerned and decides to engage their cyber insurance policy…

    What happens next? Can they engage the insurers incident response and legal services (to establish what has occurred and investigate a solution) or will they be left to deal with the matter on their own? In the early stages of this example, it was unclear if there had been a breach or unauthorised access, so some contracts may not have permitted cover or begin any immediate response/triage until that had been established. Others may allow the incident response services to engage, but if it transpires that it was just a random event with no access or breach of the company systems, then the event may not be covered, leaving the organisation to pay those initial costs.

    However, given that an unauthorised access/breach cannot be ruled out, isn’t it better to have policy language that allows the experts to engage quickly and professionally, regardless? This is where ‘potential’ comes into play. If the policy definition includes the following phrase:

    “Cyber Event means an actual or potential unauthorised access…..”;

    …then the policy can be triggered, and the organisation can access the help that may be required. In the scenario above, that help includes the immediate incident response, legal advice, triage and coordination, which leads to an analysis of the phishing email (to verify the precise domain registrar) and preparation of a shutdown communication request, leveraging with local law enforcement if required. The organisation can be confident that their good name was protected and other 3rd parties were not defrauded through an impersonation.

    So, the MPR tip: Look for an insurer that would cover a potential cyber event as well as an actual one. For more tips, such as 5 reasons to act quickly and further helpful material on Cyber Insurance, please visit our cyber product page

    Tim Jones

    Written by

    Tim Jones

    News

    A 5 Star Thank You, from MPR Underwriting

    Brokers were at the heart of the MPR proposition from the very start. That is why we are delighted to have secured a 5-star rating from every category of broker in the Insurance Times Broker MGA survey. *

    Insight

    Social Engineering Fraud –
    a perfect storm

    Underwriters don’t like surprises. We like the predictable and the foreseeable. Yet, every now and then, a theme emerges that wasn’t predicted or foreseen.

    Factsheet

    Keeping your Cyber Insurer Happy

    Risk mitigation is a key compliment to any quality insurance solution, and cyber is no different. A combination of a rise in the severity of claims and hardening market conditions has focussed attention on simple yet effective measures that insurers will look for as minimum requirements

    10th Floor
    Chancery Place
    50 Brown Street
    Manchester
    M2 2JG

    0161 241 3550
    enquiries@mprunderwriting.com

    • About
    • Team
    • Our Products
    • Insights
    • Resources
    • Contact
    • Data protection and privacy notice
    • Cookie Policy
    • Linked in
    • Twitter

    MPR Underwriting Limited is a company incorporated in England and Wales. Registered Address: 10th Floor, Chancery Place, 50 Brown Street, Manchester, M2 2JG. Company Number: 10529758. Authorised and regulated by the Financial Conduct Authority.

    Privacy Policy and Cookie Information

    We use a small number of cookies on this website to make the website as useful as possible. None of these cookies collect any personal information. To find out more about these cookies and how to control their use, see our Read More.

    Close