An east coast bank, The National Bank of Blacksburg, is suing Everest National Insurance Company for "bad faith denial of coverage" after the insurer refused to cover most losses from two phishing attacks that resulted in hackers stealing $2.4 million in 2016 and 2017.
Brian Krebs has the detailed story on the bank's insurance policy that had two riders to protect it against cybercrime. One had a limit of $8 million, the other just $50,000, and the insurance company says only the $50,000 rider applies in this case. See the bank's lawsuit against its insurer for yourself.
3 considerations if you're looking at cyber insurance
We've been hearing about this very concern from leaders at our SecureWorld cybersecurity conferences around the continent. Many leaders are afraid insurers will try to wiggle out of paying after a cyber incident.
Despite that, demand for cyber insurance is growing, because an increasing number of boards see cyber as a "new" business risk that they must protect against.
We had a chance to speak with U.S. Bank CISO Jason Witty about his experience with cyber insurance after his keynote at SecureWorld Twin Cities. Like most in the financial sector, U.S. Bank has cyber insurance.
Here are three things to prepare for if you’re thinking of getting a cyber policy.
1. Ask what the evaluation process is like
“The underwriting process varies greatly by insurer, all of them are going to interview you," he says.
2. Make sure you understand your commitment
“You need to understand your responsibility to the insurer when you are buying this policy because you are committing that you have a certain level of controls and a baseline of best practices,” Witty says.
3. Understand exclusions
“It’s a tricky one because the actuarial data is not all there. There are some exclusions. You really need to understand your policy,” he says.
And the battle over what is excluded (or not) is what the lawsuit that prompted this story is all about.
[Additional resource: Cybersecurity attorney Shawn Tuma in a SecureWorld story, 4 Key Cyber Insurance takeaways form Spec's vs. Hanover Lawsuit]
