9/7/2018

Why Cyber Security Insurers Deny Your Incident Claims

You got cybersecurity insurance to cover you in case of a breach. Now you’re protected and secure- except you’re NOT. Cybersecurity insurance agencies will only protect you if you do your part.

 

Recently, an undisclosed client of ours experienced a major cyber security attack on its infrastructure, which is not managed by Digital Edge. However, Digital Edge was immediately engaged to assist with incident response and forensic efforts. The details of the incident will be further divulged into in future publications, however, for now, we can say that this particular attack is directly related to a topic discussed in one of our previous publications. The client’s cybersecurity insurance denied their insurance claim due to the client’s failure to configure proper logging.


Cybersecurity insurers will accept claims when the client has taken steps to protect their data such as maintaining proper logging, changing default settings and properly configuring their network devices. Any incidents resulting from client negligence will not be covered in an incident. The client was not able to present required logs to the insurance company for review. In this case, the insurance company considered the client to be at fault for not taking minimum precautions to protect their data:   


“A carrier looking to deny coverage based on exclusions similar to the "Failure to Follow Minimum Required Practices" exclusion may look to the existence of objective and external standards, such as the ISO/IEC 2700 family of standards, as well as other standards set forth by NIST, and determine that the institution failed to take the necessary and prudent steps to safeguard its data.”  

 

The good news is that any gaps in coverage can be accounted for, based on a business’s security measures. Appropriate cybersecurity recommendations include having written policies and procedures, conducting a risk assessment annually and adopting a breach-response policy.  

 

Digital Edge is certified in ISO 27001:2013 in Information Security Management, offering compliance consultation and implementation services for any law, standard or regulation. We can inform and guide businesses through the process of certifications or security audits. Digital Edge’s  VP of Compliance can answer any and all of your questions regarding these services.   

 

Digital Edge operates a complex, geographically diversified Elasticsearch/Logstash/Kibana cluster that is used to collect and securely store our own and our clients’ logs. Every client’s  logging, storing, and indexing activities are fully managed by Digital Edge.  Digital Edge also offers cybersecurity to our clients, which includes penetration testing, alert analysis, incident responding and 24/7/365 monitoring. For more information about our IT security services, you can visit our website or contact us to speak to an IT consultant today!

 

Don’t be defenseless against the cyberworld. Be safe, be protected. Digital Edge can show you how!

Was this article helpful?
Danielle Johnsen
VP of Compliance

Danielle V. Johnsen joined the Digital Edge team in 2015 as the VP of Compliance.  With a passion for information security and organizational compliance, Danielle’s vision is to enable collaboration between 'The Business' and Information Technology, thus creating common objectives and outcomes that benefit the organization, while staying in compliance with all regulatory bodies and companywide policies. Specializing in security frameworks and policies such as: ISO 9001, ISO 27001, NYS DFS 500, NIST, HIPPA, GDPR, PCI, OSPAR, and more!