
Cyber Insurance Companies Don’t Want To Pay Out: Here’s How To Ensure You Are Covered

Cyber insurance is as essential to an organization as health insurance is to a person. As businesses become increasingly digitized, the risk of a cyberattack grows. Cyber insurance paired with a cybersecurity solution can help businesses recover from a data breach, ransomware, or other cyberattacks.

It’s no secret that cyber attacks are on the rise and causing major financial losses for organizations across all industries. In fact, more than 800,000 people are being hacked per year, Norton reported. And even with cyber insurance, some companies still find themselves only partially covered, forcing them to pay the remaining costs on their own.

Implementing Security Controls 

Both cyber insurance and cyber security are important, but having one does not mean you can forgo the other. In order to ensure your company is protected, it’s important to take a layered approach by having both a cyber insurance policy and proper security controls in place.

However, most cyber insurance policies will not provide coverage unless specific cyber controls are implemented. These include the following:

  • Multi-factor authentication (MFA)
  • Endpoint detection and response
  • Incident response plan
  • Cybersecurity awareness training
  • Encryption of data
  • Data backup

Insurers make these controls a condition of coverage because companies that have proper security controls in place are less likely to experience a data breach. Companies need to stay up-to-date on their cyber insurance policy to ensure they are getting the best coverage for their business needs. In the case of an attack, businesses need to be aware of what is and isn’t covered by their policy.

Companies Not Getting Their Money’s Worth

Horror stories circulate in the cyber world about businesses that don’t get the payout they were seemingly promised. One large pharmaceutical company successfully sued its insurers for a large sum of money, and the claims of one payment processor and one hospital that suffered a data breach were denied due to suspicious policy wording.


BitPay

In 2014, a bitcoin payment processor company known as BitPay was hacked. The hacker went after a business partner first, sending a phishing email through the account of Bitcoin’s David Bailey. The email was sent to BitPay’s CFO, who provided his credentials and was led to a malicious website, giving the hacker full access.

The attack resulted in $1.8 million being stolen from the company. BitPay filed a claim with their cyber insurance company, Massachusetts Bay Insurance Company, but was quickly denied.

Because the hacker was able to start from Bitcoin’s email and not BitPay’s, the theft was considered an “indirect loss,” which was not covered in the policy. If the hacking had started in BitPay’s account, it would have been a different story.

Cottage Health

In 2013, 32,500 confidential medical records were at risk when Cottage Health suffered a data breach. Cottage Health is a company operating a network of hospitals throughout Southern California.

Cottage Health’s insurance company, Columbia Casualty, released a statement saying they are not obliged to defend or reimburse Cottage because they did not comply with the terms of the policy. 

Cottage didn’t give up and fought back in court with a lawsuit, claiming violations of HIPAA. The California Supreme Court ultimately ruled in favor of Cottage Health and obligated Columbia Casualty Co. to pay for the damages of the data breach, including legal fees.

Attain Technology Can Help With Cyber Insurance

Cyber insurance companies have now seemingly become the newest cybersecurity enforcers. With more and more organizations purchasing policies and relying on the security they provide in the event of a disaster, we need to review these horror stories to be better prepared when shopping not only for a cyber insurance policy but also for a reputable managed service provider that can ensure you have the proper security controls in place to protect your business.

Cyber insurance companies will often require organizations to submit a risk assessment before providing a policy, and the results of that assessment can help businesses determine their level of vulnerability and coverage needs. Attain Technology can help with your risk assessments or any other aspect of your cybersecurity risk management. Give us a call today to schedule your network risk assessment.