MPR Underwriting
MPR Underwriting
  • About
  • Team
  • Products
  • Insights
  • Resources
  • Contact
  • About
  • Team
  • Products
  • Insights
  • Resources
  • Contact
  • Linked in
  • Twitter
  • Data protection and privacy notice
  • Cookie Policy

Cyber Insurance – a ‘Potential’ Difference

  • Home
  • Insights
  • Cyber Insurance – a ‘Potential’ Difference

Insight

Cyber

    Discussions about cyber insurance policy cover and sales techniques have intensified recently, but the narrative can be high level and lacking in any real-life context. Often the best way to understand how much finesse a policy has, and the difference that one word can make, is to look to an actual example.

    In this case, it was the use of the word ‘potential’when defining a cyber event. We’ve mentioned it before in our MPR top 5 tips – overlooked features and it might not seem like much, but given the immediacy of incident response requirements, it played a very important role.

    Consider the following sequence of events:

    A cyber-criminal impersonates an organisation by creating a variant website domain name and sending a phishing email to a member of the public, purporting to be from that organisation, in an attempt to defraud them. The member of the public spots the fraudulent attempt and contacts the organisation to warn them. Although there might not appear to be a typical cyber event/breach (and no financial loss, extortion attempt, system damage or business interruption) the organisation is understandably concerned and decides to engage their cyber insurance policy…

    What happens next? Can they engage the insurers incident response and legal services (to establish what has occurred and investigate a solution) or will they be left to deal with the matter on their own? In the early stages of this example, it was unclear if there had been a breach or unauthorised access, so some contracts may not have permitted cover or begin any immediate response/triage until that had been established. Others may allow the incident response services to engage, but if it transpires that it was just a random event with no access or breach of the company systems, then the event may not be covered, leaving the organisation to pay those initial costs.

    However, given that an unauthorised access/breach cannot be ruled out, isn’t it better to have policy language that allows the experts to engage quickly and professionally, regardless? This is where ‘potential’ comes into play. If the policy definition includes the following phrase:

    “Cyber Event means an actual or potential unauthorised access…..”;

    …then the policy can be triggered, and the organisation can access the help that may be required. In the scenario above, that help includes the immediate incident response, legal advice, triage and coordination, which leads to an analysis of the phishing email (to verify the precise domain registrar) and preparation of a shutdown communication request, leveraging with local law enforcement if required. The organisation can be confident that their good name was protected and other 3rd parties were not defrauded through an impersonation.

    So, the MPR tip: Look for an insurer that would cover a potential cyber event as well as an actual one. For more tips, such as 5 reasons to act quickly and further helpful material on Cyber Insurance, please visit our cyber product page

    Tim Jones

    Written by

    Tim Jones

    Language Matters

    All Employees as
    Insured Persons

    A recent policy comparison highlighted ‘all employees as Insured Persons’ as the main policy feature. From the perspective of a director, I found this both curious and puzzling.

    Insight

    Recovery of assets following
    an employee fraud

    The Association of Certified Fraud Examiners estimates that, on average, 6% of the turnover of an organisation is lost to employee fraud.

    Insight

    Prior & Pending Litigation Date and Retroactive Date
    – A Case of Mistaken Identity?

    The question of the difference between, and application of, the prior and pending litigation date (“P&P date”) and the retroactive date (“retrodate”) is a frequently visited conversation and can sometimes be difficult to decipher.

    10th Floor
    Chancery Place
    50 Brown Street
    Manchester
    M2 2JG

    0161 241 3550
    enquiries@mprunderwriting.com

    • About
    • Team
    • Our Products
    • Insights
    • Resources
    • Contact
    • Data protection and privacy notice
    • Cookie Policy
    • Linked in
    • Twitter
    MPR are Chartered Insurance Underwriting Agents

    MPR Underwriting Limited is a company incorporated in England and Wales. Registered Address: 10th Floor, Chancery Place, 50 Brown Street, Manchester, M2 2JG. Company Number: 10529758. Authorised and regulated by the Financial Conduct Authority.

    Privacy Policy and Cookie Information

    We use a small number of cookies on this website to make the website as useful as possible. None of these cookies collect any personal information. To find out more about these cookies and how to control their use, see our Read More.

    Close