All companies use some type of internet to handle their business. From the street vendor running a payment app on their phone to a stock trader on Wall Street. From a teacher in her classroom, to a doctor in surgery. No one is immune to cyber events.
The latest cyber loss resulted from CrowdStrike’s content update that was not thoroughly vetted prior to releasing to 29,000 clients. This resulted in internet crashes and outages affecting over 8.5 million Windows devices. Various industries across the globe were affected, from airlines, like Delta Air Lines, to retailers, like Target. Many healthcare providers were negatively affected as well, causing disruptions to medical visits, prescription drug issuance, and delaying surgeries. From individuals to full-scale municipalities, there are financial and personal losses to consider due to the CrowdStrike crash.
One virtual mistake, by one company, led to millions of real-life consequences. We will not know the true costs and damages for several years. Damage to branding, loss of trust in the companies affected, and actual loss of revenue from downtime can take years to correct. That is not to mention the costs and inconvenience to patients, customers, and travelers felt across the world from banks to hospitals.
Cyber insurance, along with data breach coverage, can change in scope from carrier to carrier. Not all wording and coverage is afforded the same. That is why it is important to use an experienced brokerage, like CVM Global, that can go over your needs fully and find the right plan for your business. Here are a few ways that cyber insurance can assist in the CrowdStrike breach, and other breaches that may occur in this digital age.
System downtime, inability to access networks, inability to access bank accounts, payroll, and operate fully due to a cyber event are typically covered under the system failure or business interruption sections of the cyber policy. This can include 1st and 3rd party coverage. An example is dependent business interruption – whether suffered by a direct loss or by the insured’s own actions. Coverage may also apply if a loss results from the outage of a service or business that the client depends on to operate daily, such was the case with the CrowdStrike cyber event.
Many policies have a critical response team to help right away via a 24-7 hotline or in-person visit. This may include a sub-limit of coverage to handle public relations and ground control of the incident. It is important that the claim is reported quickly to stop the bleeding and respond as quickly as possible. All insureds are required to have a cyber response plan with executives and lower-level employees all receiving training on emergency system turn-off, points-of-contact, and protocol on next steps when a breach occurs. It is the responsibility of the insured to act quickly and protect what they can of the data after a breach occurs, as well as notify the agent and carrier of the claim promptly for coverage to apply. If insureds are unclear how insurance coverage may come into play, they should contact CVM Global to review their policy wording and discuss claims reporting.
LEGAL DISCLAIMER
The views expressed here do not constitute legal advice. The information contained herein is for general guidance of the matter only, and not for the purpose of providing legal advice. Discussion of insurance policy language is descriptive only. Every policy has a different policy language. Coverage afforded under any insurance policy issued is subject to individual policy terms and conditions. Please refer to your policy for the actual language.