What should I do if I have a cyber claim?

Who should I notify?

In situations requiring urgent assistance, such as an ongoing breach, your first step should be to contact the breach response hotline written in to the policy. The hotline is available 24/7 and can give you access to a panel of pre-approved specialists who can provide IT support and forensics, legal assistance, public relations specialists, and other breach response services.

Most cyber policies will have a ‘prior consent’ requirement, which means that all third-party specialists must be pre-approved by the insurer before commencing work. By utilising the insurer’s panel vendors, you can bypass the approval wait time and access immediate support without having to wait for your insurer’s feedback.

Calling the hotline does not constitute a formal notification to the policy and so it is important to also notify your insurance broker of the incident as soon as possible. Your broker can then arrange for a formal notification to be made to your insurers and guide you through the claims process.

If you do not require any urgent assistance then you do not need to contact the hotline, just contact your broker and they will facilitate a formal notification to the insurers.

When should I notify?

As soon as you become aware of an incident that might lead to a claim, cyber incidents move quickly and so it is imperative that you contact the hotline and notify your broker immediately. Ideally your policy should be built in to your incident response plan so that the relevant stakeholders know to consult it as soon as a breach is discovered.

If you are unsure then it is always best to err on the side of caution. Notifying a cyber incident that does not materialise is unlikely to impact your insurance quotation and, in some cases, may improve your relationship with your insurer as it demonstrates a good risk management culture.

What information should I provide?

When contacting the hotline, provide them with the name of your insurer and your policy reference. They will then verify that you have a policy in place and should arrange a call back within the hour so that they can triage the incident. They will then advise you on next steps and explain what assistance they and the other panel vendors can provide.

When notifying your broker or insurer, aim to provide a short summary of the nature of the incident and when you became aware of the incident, the parties involved, and any costs incurred to date.

If you have engaged any third-party specialists, such as legal firms or forensics, provide their names, statements of work, hourly rates charged, and any other documentation that may be relevant.

What do I need to be aware of?

It’s crucial to be aware of specific policy provisions that may restrict you recovering costs from your insurer – work on the basis that you must obtain consent from your insurer before incurring any costs. Refrain from admitting liability and ensure that you maintain ongoing communication with your insurance broker and your insurer to keep them informed of any developments. Your insurance broker will help you navigate your policy’s obligations and ensure compliance, safeguarding your ability to recover losses covered by your insurance.

Experiencing a cyberattack can be a highly stressful and disruptive event for individuals and organisations alike. Knowing how to respond effectively is crucial to minimising damage and mitigating potential risks. By understanding the above processes ahead of time and incorporating these actions into your playbook, you’ll have a better chance of remaining in control of the situation.