In last month’s post, we covered the key actions you need to take in the first 72 hours after a cyberattack. Those first three days can be summarized as stop the bleeding, assess the situation, and plan a response.

Day 4: Recovery Begins

By this point, your insurance-company-approved cybersecurity experts have a pretty good idea of what they’re dealing with and how to begin restoring impacted systems without exposing your business to additional risks. The last thing you or your insurance company wants is to restore a system from a compromised backup and restart the attack. While waiting three days to begin recovery operations may feel like a major business disruption, a secondary attack at this point would be even worse.

Coordination with your insurance provider is essential here. Not only will you need to agree on the recovery operations, but you’ll also begin to discuss details about your claim.

Your cybersecurity insurance policy will likely have limits on how many hours of recovery services it will cover. This is why it’s important to annually review your disaster recovery plan to ensure your backup and recovery solutions are up-to-date. If the recovery takes longer because you didn’t keep them up-to-date, you’ll end up paying the difference when you can least afford to.

Your policy may or may not include coverage for business interruption. If it does, you’ll need to know beforehand how long the waiting period is before coverage kicks in. Some policies will begin covering losses within a few hours of the attack, while other policies could require 48 hours of interruption before coverage begins. Some policies may require a complete shutdown of operations before coverage begins, while others will cover a partial disruption or slowdown in operations. You need to know this before the attack.

Day 5 and Beyond: Recovery Ends, Evaluation and Preparation Begin

Depending on the scope of the attack and the robustness of your backup and recovery systems, recovery operations could wrap up quickly or take a few days. Typically the most important systems will be recovered first, so things will start to feel better fairly quickly. But that doesn’t mean you’ll be done dealing with the ramifications of the attack.

Most insurance companies will require a post-incident review. This will look into the causes of the attack and the effectiveness of the response. The report will identify areas for improvement. The findings of this report will likely influence the pricing and terms of future policies for your company. If you were putting off security upgrades before the attack, don’t be surprised if your insurer insists on the upgrades happening before they’ll cover another incident.

You’ll now begin the paperwork process. Be prepared to provide detailed documentation of your preparations before the attack, your response after the attack, and expenses and losses incurred. You will need to prove that your company complied with the terms of the insurance policy to support your insurance claim. While the agent who sold you the policy may be super friendly, don’t expect your adjuster to be as accommodating. Depending on your industry, you may also have legal and regulatory requirements related to the breach. Your requirements could range from filing a report about the attack to notifying customers about a data breach. Your insurer may help you navigate this complex minefield.

Takeaways

If you are unfortunate enough to suffer a cyberattack, there are numerous opportunities for you to make a misstep that leads to your insurance claim being denied. With the latest statistics showing over 70% of small businesses reporting a cyberattack in the last 12 months, sooner or later it will happen to your business. Now is the time to prepare not only for the attack, but also for the insurance claim process. Begin by reviewing both your current security solutions and your insurance policy. By integrating your cybersecurity insurance requirements into your security policies and disaster recovery plans today, you’ll help to ensure compliance and a successful claim.
