Cyber Claims Handling Strategy Still Evolving
Reinsurance executives polled at the recent 2015 PCI annual meeting by Guy Carpenter & Company agreed that cyber continues to be the most threatening emerging risk.
As the number of data breaches mount, more focus is being placed on the claims that result from them. According to the latest Cyber Claims Study published by NetDiligence last month, the average total claim costs for a breach amounted to $673,767.
Joe Salpietro, cyber insurance claims manager with IDT911, says cyber claims are complex and require specialized handling.
The claims manager started a sister company called CyberClaims911, which is designed to streamline cyber claims management for insurers processing cyber liability claims. The service is designed for carriers entering the cyber insurance market and/or looking to reduce claims handling costs and inefficiencies.
There remain some issues to handling cyber claims, said Salpietro. The main issue is that cyber claims litigation is relatively new so that each court case decision has what he calls a ripple effect throughout all pending claims with insurers.
“If you looked at something six months ago and you thought it was not that big of a deal and you have a small reserve, and you thought you’re in a good area handling that particular issue; a recent case comes out and it can flip your understanding on its head, then all of a sudden you’re in a reactionary mode where you have to reassess and look at your strategy,” Salpietro said.
Typically, with litigated claims there is a set strategy to follow, he said. That’s not so with cyber claims because the legal climate is in a state of flux.
“It continually evolves and it’s not really settled,” Salpietro said. “As a result, you are always having to reassess strategy and reserving.”
Investigations tend to be handled differently in cyber claims.
Because of the time sensitivity, coverage review as well as examination of the insured’s business and the incident have to be completed quickly, Salpietro said.
“You need to know what you want to do really quickly and have a plan in place really quickly. The more time that you allow to go by, you’re opening yourselves up to third party actions from other parties, class actions,” said Salpietro.
Besides potential third party actions, insurers could face fines and penalties if the claim isn’t handled appropriately.
“The idea is to really collaborate with the insured and find out…what needs to be done and formulate a plan,” said Salpietro. “That plan will be very different based upon a number of factors. First of all, the type of policy that they have and what coverages they have in place, the type of incident, the breach and how many people that it affects.”
In addition, the type of information breached could affect how a cyber claim is handled.
There are there’s three types of information: PII – personally identifiable information, PCI – personal credit information and HIPPA – the Health Insurance Portability and Accountability Act, relating to the dissemination of medical information.
“Each one of those requires a different reaction and a different set of plans,” said Salpietro.
The cyber claims expert said that the most important step is to determine what type of information was breached in order to assess the potential damage and create a strategy put the policyholder back on track so they can continue their normal business.