If your business suffered a fire, who would you want to call first, your commercial insurer to file a claim or the fire department to come put out the flames?  When a cyber incident occurs, the same thinking should apply, but it is being complicated by organizations who are relying on their commercial insurer for incident response without understanding of their capabilities or process and those same insurers that may try to nullify coverage if their process isn’t followed to the letter.

Every organization should know how to file a breach claim with their insurer and make this process part of their incident response plan.  If your insurer provides 24/7 immediate access for cyber response, this may be the fastest route to address the issue and minimize damages.  However, if your insurers process is that your organization must identify a resource to help with the incident, pay the initial retainer required for the resource to begin investigating (typically a minimum of $25,000) and then file a claim with the insurer, you may be in for some unwelcome surprises, including:

1) Time to response.  If you have to find and pay resource(s) to help you with a cyber incident, time is critical.  The more time the incident goes without a response, the greater the potential damages.  This process takes at least 24 hours, often 48-72 hours just to get the retainer in place.

2) Your deductible. It’s not unusual for commercial deductibles to run between $25,000 and $50,000, which means that retainer that you paid for will be coming out of your pocket and will not be reimbursed.

3) Coverage exclusions.  One of the worst things to find out after an incident are all the costs that may not be covered, such as regulatory fines, notification costs, or litigation resulting from the incident.

Take the time to check your policy and understand both the coverage and process, and you will be able to answer this very important question.