McGriff Homepage

Decoding Cyber Risks: Avoiding Mistakes in Cyber Claims

About this webinar

This installment in our Decoding Cyber Risks Advisory Series features Kara Altenbaumer-Price with McGriff’s Executive Risk Advisors team and Bolanle Akinrimisi, E&O Claims Manager with Beazley Group.

Kara and Bolanle discuss best practices to ensure a smooth cyber claims experience, breaking down some of the common mistakes insureds make in the hours, days, and weeks following a security incident. These seemingly innocuous mistakes can actually negatively impact use of cyber insurance and result in unexpected, uncovered expenses.

Listeners will learn:

  • Why contacting your carrier should be one of your first steps during a security incident
  • What specific carrier information should be included in your cyber incident response plan
  • Why you should identify cyber vendors such as legal counsel and forensics support before a breach
  • How vendor selection can impact whether expenses are covered (and paid) or not
  • What expenses to track during an electronic business interruption
  • What to do if you have both a cyber and crime policy that could respond to the incident, and how your broker can assist

Avoiding Mistakes in Cyber Claims

Kara A.: [00:00:00] Welcome to McGriff's Decoding Cyber Risk Advisory series. My name is Kara Altenbaumer-Price with McGriff's Executive Risk Advisors team. In this installment of our series, we are speaking with a member of Beazley's Cyber Claims team about best practices to ensure a smooth cyber claims experience. Beazley is a specialist insurer with three decades of experience and providing clients with the highest standards of underwriting and claims service worldwide.

They are a proud participant in the Lloyd's market through which they access a wide range of insurance and re-insurance business from around the world. Beazley is well-known for its market, leading cyber breach and network security products. Joining me from Beazley cyber claims team is claims manager Bolanle Akinrimisi. Bolanle manages tech, media, cyber, and ENL claims arising from Beazley's breach response, media tech and InfoSec policies.

So welcome.

Bolanle A.: [00:01:00] It's nice to be here, Karen. Nice to see you.

Kara A.: [00:01:04] Nice to see you. And tell me at any point, if I mispronounce your name cause it's a tough one so correct me if I, if I mess it up as we go.

Bolanle A.: [00:01:13] No, you'll be fine. My name is Bolanle. I do work here at Beazley. A premier cyber insurance company and I'm excited to answer all the questions you have for me today.

Kara A.: [00:01:28] Excellent. Well let's just launch right on it. So, our first question I suspected cyber incident has occurred. What is the most common mistake you see insureds make in those first few hours?

Bolanle A.: [00:01:42] So the most common mistake ensured me is that they go out and hire a vendor, right. They just hire any vendor. They're just like, Oh my God. You know, for instance, if it's a ransomware, we to, you know, find someone that can, you know, pay this demand or find someone that's going to do this for me. And they start hiring all these vendors.

And unfortunately, sometimes, you know, vendors take advantage of insureds when you're in that panic state of mind and start charging them exorbitant amounts of money. And that ends up being a mistake because you know, most cyber insurance policy just like Beazley on our breach response policy, or BBR, we have a panel requirement for certain vendors for forensics legal crisis communication, public relations. So, if you're not using any of those vendors, unfortunately the insured may have to eat those costs. And usually those are the mistakes that are made within the first few hours.

Kara A.: [00:02:45] But what if they beg? What if they beg and beg and beg and they say, oh my gosh, I didn't have a choice. What happens?

Bolanle A.: [00:02:54] You know, it's hard and we get that, but, you know, the policy is a contract. It's a policy and most cyber carrier, you know, we have the panel requirement for a reason. And the reason it's not just for a cost for the insured, that's a savings but these are vendors that are heavily vetted and that this is all they do every day.

Don't do anything else. So, when we say, Hey, these are the legal vendors. These legal vendors, handle hundreds and hundreds of breaches a year, right? From the smallest insured to large fortune 500 companies, right. In forensics, they know exactly what they're looking for. They know exactly what they need to do when they go in.

And it's not a situation of, well, we don't understand how come your system looks like this, why it's like, they know exactly what to ask, where to pinpoint it and how to get there and to be efficient and quick, because they know and understand. This is a business for the insured and the insured needs to get back up and running.

And that is their prime focus and goal aside from at the same time, trying to determine how this threat actor got into the insured's system.

Kara A.: [00:04:04] Let's take that question a step further. What is one of the mistakes they make in relation to their cyber insurance in those first few hours? We talked about vendors. What else did they forget to do?

Bolanle A.: [00:04:17] Sometimes they forget to call us. I know that sounds like, Bolanle, that's basic that it happens. They forget to call us. And some instances, you know, I have had that they report it to the wrong carrier. They will report it to their property carrier versus their cyber carrier and not realize they're two different people.

Right. And the property care is like, okay. You know, they try to help them out with what is there. And then, you know, they finally realize they need to tell their cyber carrier. They're like, Oh my God. And then when you start having those conversations about, you know, what did you do? What about this?

What about that? Just kind of walking them through the steps. That's when they're like, oh my gosh, they're missing so many things. And usually that's, you know, a common mistake that I have seen happen. But fortunately, you know, agents and brokers like yourself were able to step in and say, wait a second, hold on.

When did this happen? Wait, we need to call the appropriate person. And they'll call us in. If it's, you know, Beazley, we try to get on it and try to assist the insured. Although it did happen maybe a week ago or two or three days ago, you know, we try to get in there to really. You know, make sure we don't miss anything.

Nothing's been deleted, forensically, things like that, just to get them to where they should be. So, they're not sitting in this almost state of limbo that I call it when their system is like basically useless or not being able, not being able to get into their system for them to be able to do their business operations.

Kara A.: [00:06:01] Now, do they need to call their broker? Like, do they need to call McGriff before they call Beazley?

Bolanle A.: [00:06:06] Yes. So, I think, I think that that's a good thing to do is that they should be calling their, their broker McGriff or calling whoever their broker is to assist them through the Beazley process, and they can also call Beazley directly.

We have a 24 seven hotline, you know doesn't matter the day of the time we are fully ready, capable, and willing to jump in and assist the insured. You know, I've been on those calls at midnight and at 10:00 PM on a Saturday, right. Or a Sunday because, you know, we understand this is their business and we want to help them through the process. We're here to help. And I don't want them thinking, well, it's an insurance company. They only Monday through Friday. No, we understand cyber, these attacks, they don't care what day of the week it is. They don't care if it's a holiday, I've worked on Christmas, I've worked on New Year’s Day. I worked on Thanksgiving; they don't care.

So, and, and, you know, Beazley, we pride ourselves knowing that we can be there for the insured 24 seven and helping them through that process. And, you know, the broker is usually an invaluable asset. To assist in that process when they submit the claim. So at least we had some information to then say, okay, this is what needs to happen going forward.

Kara A.: [00:07:29] You know, we always counsel our clients to have a process in place so that they actually know who to call first and who to call second and all of that in the context of a breach.

Bolanle A.: [00:07:38] I definitely say, you know, it's two calls. You make, you make one to your cyber carrier and you make one to your broker. And you should make them if possible, you have two different people doing it at the same time or do one right after the other, but as long as both are done, I think, you know, the insured is in a better position than having neither done.

Kara A.: [00:07:59] Okay. So, let's talk about one of the other calls that tends to get made sometimes. And that's we're going to talk a little bit about lawyers and some of those calls you and I are both lawyers. So, we understand. We know about this. So most cyber programs, our duty to defend, but can you tell me what this means and how that can trip insureds up sometimes in relation to lawyers?

Bolanle A.: [00:08:23] So a duty to defend policy means that the insurance company is assuming that there is coverage and there are no coverage issues. We are required to defend you provided defense counsel, you know, pay those costs and things like that until, you know, the entire situation is wrapped up. Right. And there's a settlement or it's closed or whatever the case may be.

And insureds seem to get tripped up because they think the only time they should call us is if they have a claim. And if it's only like a lawsuit or something like that. That is not the only reason why you should call on a cyber policy. Right. You should definitely call when there's a breach because sometimes insureds will have a breach, but never call.

And then, you know, things happen. They, they notify people on their own and then they get a lawsuit and we're like, wait, why didn't you call when this first happened? You know, who assisted you? Who, you know, and that's where they'd get a little tripped up? And usually, the duty to defend on these policies are related to the data network.

And if for some reason, a security breach and then we lead on into possibly, you know, regulatory. Now the regulatory contacts that's dealing with the G's offices, GDPR, CCPA, you know? Yeah. Our, our friend that everyone knows OCR. Right. So, you know, all of those things we, we stand there and we assist you with that.

And it's a duty to defend. Although, for the Beazley policy in our context, it's an indemnification for those. And we agree with the insured as to who council will be, but we do provide, you know, the most, best and competent counsel to the assist, the insured through that process.

Kara A.: [00:10:10] So before we talk about sort of how people go about picking council, I just want to clue in on something you said a minute ago, just to remind again, don't handle the entire matter and then call you because at the very beginning of our conversation, you talked about, if you guys aren't involved, then those costs are not covered under the po-, under the policy.

And that's not just a Beazley issue. That's any carrier and that's pretty well, any insurance policy. So, it's always important to remind people that's a big mistake that can be made in just about any kind of executive risk claim. Not just cyber, but I think cyber is one of those places where it happens a little bit more often because everybody's running around a lot more emergent than a lawsuit. A lot of times.

Bolanle A.: [00:10:50] Correct. That is correct.

Kara A.: [00:10:52] So let's talk about the whole selection of lawyers. So, a lot of lawyers out there, particularly the big firms will advertise themselves as security and privacy lawyers. I would think in my experience that isn't always true. And then it takes handling a lot of incidents before a lawyer gets really good at efficiently handling a breach and efficiently engaging with cyber insurance.

We know that a lot of people have developed a lot of faith in their, in their normal business council. And kind of, what are your thoughts on going with those classic panel counsel that, whether it's Beazley or some other insurance carrier would suggest, as opposed to making that argument to go off panel?

So, what's your thought on that?

Bolanle A.: [00:11:36] I really think that being on panel is always your best bet because these people, like I said earlier, have handled hundreds and hundreds and hundreds of breach incidents, all different types, all different facets, all different things across the industry. And specifically, because this is all they do so they know exactly what law they really need to look at how we efficiently, efficiently go in, you know, dissect the situation, say, okay, we need to do A, this is the States that we're looking at B, this is what we need to look at, C, like they officially have a process for it. And you know, yes, the rates, we, we work on them with that, but that's just, you know, an add on to the work that they do, because they're really good because the issues with off-panel is, you know, we have run into those people who say they do security and privacy, but they don't do it enough to really efficiency efficiently, know where they need to go and what they need to look at.

And now you have them now doing research and things like that for basic information that a person who does this all the time, or will already know off the top of their head that, Oh, we need to research. Oh, how long a credit monitoring do we need to do? Okay. As far as PII, does that fall under this particular state or that particular state?

It's just thing that on-panel vendors already know, they don't need to research it. It's they know the answer and they're like, okay, this is where we need to go. Unless it's something nuanced or a little different or something that they've recently seen that makes them think like, Oh, you know what? This may apply. Let let's, let's check on that. You know? Cause off-panel, if they're not really doing it every day, they're not going to really know to look for that. And that ends up sometimes causing major issues.

Aside from off panels, you know, sometimes unfortunately charging exorbitant amount rates for things that we know that could be at a better rate for the insured, especially because the legal is so important, because from there you determine whether an insured has to notify and those notifications, they must be done right because you don't want-, you don't want to do those wrong. You have to do them right. And you do them right, usually you won't have an issue, but if you, if there's something wrong with it or something's not right, you know, unfortunately that can sometimes lead to bigger issues that could have been prevented.

Kara A.: [00:14:17] So it sounds like one of the things you're saying, and I would say this is my experience too, is that it's not always just about the rate for the council. Sometimes it's about the number of hours they spend, even if your off-panel counsel ended up bringing their rate down and working with you on that.

Bolanle A.: [00:14:33] Yes. Yes.

Kara A.: [00:14:35] Okay. So, what should, and we talked about, you know, the idea of panel what if they're with a carrier that doesn't have a panel and we know there are a few of those out there. So, what should an insured look for in selecting a law firm if there's not a list provided by the carrier?

Bolanle A.: [00:14:51] If there's not a list provided by the carrier, they should really inquire about how many incidences have they worked within the past year, right? The past 12 months. How many breaks? Huge incidences have you worked on it? Okay. What type was it, you know, an email compromise versus an employee in a hospital context looking at information or the misplace of paperwork, like what kind of incidents have date work done. You know, have, you know, what kind of inquire about their knowledge related to the CCPA, GDPR and even acquire about their knowledge about the OCR and, or the multiple different AGs offices in the country, right?

Those are the questions you really want to ask them to truly ascertain if they know, you know, what they need to do and what they're doing overall, because that will go into you really saying, okay, I can really trust these people because, you know, trust is something that you really have to have with that law firm you're working with.

And then also, even ask them, okay, what other vendors they work with as far as, you know, if you had to notify, you know, who do they work with? As far as call centers, mailings, everything like that, credit monitoring. You want to ask all those questions to really see if they have a game plan when incidents come in.

You know that those are the, really, the big questions you have to ask them upfront to, to gauge if that's the perfect firm for you.

Kara A.: [00:16:22] So let's stay on that topic about you referenced mailings and call centers and such. So, let's stay on that. And where do you see people make mistakes when they hire those vendors?

So, the non-lawyer vendors whether it's crisis communication or forensics, or what have you, where do you see mistakes happening there?

Bolanle A.: [00:16:39] Well, relation to notifications. There is it's really hard to make mistakes with the notifications. I think it's more of making sure that the statement of work that you have with them clearly delineates what you expect of them and what you expect them to provide. Right?

So, you know, if you want your call center to be 120 days you need to make sure your statement of work says 120 days and doesn't just, just have the standard 90 days, right. That that's just, you just don't want to sign a standard agreement. You want to make sure it's as tailored to you as possible if possible. Right? If you, if you're doing this on your own because that sometimes ends up being an issue and then with notifications and mailings, you know, sometimes depending on the state you got, your letter has to be a little different, right? And you have to make sure they understand that. And it's not just them to say, okay, we're just blasting the same letter to, you know, all of these people across all these States, you know, that that may not work for you.

So, you know, just making sure you really go through and talk to these vendors and, you know, most people use all the same people and most of these vendors are really good because they know there's a timetable and a time requirement that you have to get this stuff out. And I think that's another big thing is that there has to be deadlines and they need to understand those deadlines are very important that they must be adhered to due to, you know, the state laws and regulations.

Kara A.: [00:18:10] Now, this is a question I didn't put on the original list, but when we were planning for this, but let's talk a little bit about the statement of work for a forensics vendor. Where have you seen any issues that occur from that's getting drafted?

Bolanle A.: [00:18:26] Related to the statements of work it's because they are not specific. They can't just say, okay, we're going to do forensic work for you at 50 hours at a hundred dollars an hour so, and this is what we're doing. No, they need to be specific. They need to say, okay, we're spending 10 hours, you know, just doing the report. And we're spending 20 hours on doing the forensic analysis.

And in the forensic analysis, you know, this is what we're looking at. As far as your end point tools, this is how many hours, you know, doing an end point tool, or a flat feeing you for the end point tool. They need to be as specific as possible so the insured understands what they're doing in their system, because sometimes that's one thing, insureds, you know, see, all they do is look at the number at the end and they're like, oh my God, this says $60,000, $80,000, $120,000. And you know, being this context in the cyber world, we're used to seeing those numbers because we know the specific thing that they're looking for to determine where the threat actor came in, if they're accessing anything, if there was any exfiltration, you know, all of that in there.

And sometimes, you know, people get bogged down with just a number. You need to look at what they're doing, right? Because what they're doing is to help you and what they're doing, you know, at that point kind of just, it basically explains itself to get to where that number is. And that number usually is pretty reasonable for the type of work that they're doing, because they're usually spending, depending on the type of matter, it could be as low as, you know, 20, 30 hours. And it could be as high as 200 hours. It depends on the complexity of the insurance system. Depends on how many users we're talking about. It depends on we talking about just virtual servers versus physical servers and all of that.

So, all of that goes in there, but I think the most important thing with statements of work is that they try to make them as specific as they can, so they know what they're doing.

Kara A.: [00:20:31] I'm guessing this kind of going back to our original topic about making sure that you're going through the carrier for the vendors, looking at panel vendors, guessing the statement of what the statements of work issues are reduced a lot with people who'd work with insurance carriers, with frequency?

Bolanle A.: [00:20:46] That is correct. That definitely reduces it a lot because they already know what the carrier is looking for because they know the carrier will look at it to improve that work for them to go on to now present it to the insured. And then at that point, the insured can take a look at it, if they have any questions, you know, have a conversation with the carrier, have a conversation with forensics or legal, but that's to make sure that everybody is clear as to what work is being done and what's being charged for it.

So, there's never a question of, well, why didn't we do this? Why is this missing? You know, so that way everyone is on the same page.

Kara A.: [00:21:21] And I presume then you're less likely on your end to send that bill back and cross off some of it.

Bolanle A.: [00:21:28] Yes, yes. Because we, we already know that and, you know, with our Beazley vendors, they are aware of that.

And they delineate and very specific with their statements of work. And, you know, when we do get that invoice that does come in, they're very specific in their invoice and they say, okay, this is what we did. This is how many hours we spent. And, you know, luckily a good chunk of the time, you know, they're under budget.

And, and it's, it's great when that happens. And sometimes, you know, they're on budget and then there are times that they are over budget, but they can explain why they're over budget. And usually before that even happened, our vendors immediately contact us and say, Hey, you know, we ran into these issues. We need additional hours and this is why. They explain exactly why they need those additional hours. And we say, okay. And we approve it and they continue their work.

Kara A.: [00:22:28] I know from my own experience with clients, when you're not working with whether it's a lawyer, a forensics vendor, whom have you, that don't do a lot of insurance. Then you sometimes do end up in those fights between the company involved and whatever vendor it is about the Delta between what the insurance carrier would cover and what they wouldn't. And that those are just headaches that are not to have those headaches.

Bolanle A.: [00:22:53] Yeah. And it makes it so much easier on the backend when all that is upfront and said, because you know, there have been situations where, you know, insureds will use off panel counsel, you know, and they end up off panel forensic I should say, and they end up charging them, all this stuff that the insured had no idea that they were doing. And then now it's like, well, help me tell them that we're not going to pay that. So, you know, I I've, I've seen those situations and, and, and unfortunately it leaves the insured in a bad spot. So that's why it's really important for the insured to stay on panel with their carrier.

And I know with Beazley, us being very proactive on that and having our BBR with the panel requirement that eliminates a lot of those issues.

Kara A.: [00:23:48] Let's move on to it a little bit different topic. Let's talk about social engineering. And we know that there are often circumstances in which an insured may have some social engineering coverage on a cyber policy and on a crime policy.

So, what's your advice for navigating that when it's on two different policies, in particularly if it's with two different carriers?

Bolanle A.: [00:24:10] In particularly when it's with two different carriers it's always notify both carriers, right? You notify your cyber carrier and you notify your crime carrier. And at the same time, let them know about the other carrier too.

Right? Let them know about the other if you know, the broker, retail agent or the insured are agreeable even provide the policy of the other to the other carrier, because it makes it easier because at that point, you know, the cure is to just pick up the phone and say, Hey, okay, I got it. You got it. Do we, you know, let's look at our insurance provision.

Okay. You know, is one primary and the other is access? Okay. We'll make that decision and let the insured know right away or is this a situation where it's a pro-rata allocation? Okay. Let's agree about how the allocation is going to work, because then that way it's easier for us to just to go to the insured one time and you're not saying, well, I talked to this carrier and they told me this, and then it's like, you're playing the game of telephone.

Right. And not everything's being fully communication, communicated. But when it's carrier to carrier and having those conversations, you'll eliminate that very quickly. And usually, I can say when dealing with those types of files we try to do that very quickly. And say, Hey, do you have a crime carrier?

Okay. Can you get me the adjuster's information? Can you give me a copy of the policy? Here, obviously just in case you don't have a copy of your policy. Here it is. Feel free to provide it. Please give them our contact information. Please let them contact us. And we try to have those discussions right away, because we know, you know, this money, depending on the type of insured, you know, can make a break them. And we try to, you know, respond and get them, let them know about coverage or not related to the policy. So that way they know, and it's not just hanging around for months and months at a time unnecessarily.

Kara A.: [00:26:02] Well, how often do you have situations like that? And then both carriers say the other carrier is supposed to be primary, but what does an insured do if that happens?

Bolanle A.: [00:26:11] So what the insurance should do is really get their broker involved at that point. And the broker can have a conversation with both carriers, but you know, most carriers would say, okay, if we both agree that both the others would be primary, we would do what's called a pro-rata allocation.

Right? The pro-rata allocation would be based on the limit. And we would say, okay, if it's like a hundred thousand here and a million here, okay. I would only pay 10% of whatever that is. And then whatever the amount is subject to the retentions and how you guys agree that with work, you know, that's how you would pay.

So that's usually the easiest way to deal with that. And most carriers do that, you know, if the other is pointing to the other. So, there's never really an argument to really be had unless you know, there is significant coverage issues or any, or be it any of those problems. But, you know, like I said, it's really about putting them both on notice at the same time, so you can get the ball rolling and just, you know, easily just communicating the information, like I said, related to the policy and the adjuster information, so they can get on the phone and have those conversations.

Kara A.: [00:27:31] Yeah. I think the moral of that lesson is it's sort of like discovery in litigation is that at some point it's going to come out. So, if, if there's a potential issue, then that it's probably best just to confront it head on and to, to work out a deal, as opposed to waiting for somebody to discover that they may have an out.

Bolanle A.: [00:27:52] Yes. Yes. And it's so much easier, honestly, it doesn't leave the insured in a precarious position by any means. And that way, the insured is fully aware of what's available to them. Especially in situations where the loss could exceed both policies. And I've seen that, right. There's really not much to say. You know, but that that's, that's something that they really need to understand. And, and that's a question that the insured could ask or the broker or retail agent could ask is, okay, are you going to consider yourself primary or access?

And you can ask that question. So that way they understand that you're also looking at that. But as a claim’s adjuster, you definitely ask that. That's the first question you ask. Especially because in most policies for cyber, and I can say specifically for Beazley, we do have a sub-limit for the social engineering.

So that is the first question I ask, especially if it's something that's above the, you know, the actual sub-limit itself. Unfortunately, I've seen that happen.

Kara A.: [00:29:00] So let's talk a little bit about the coverage situations. If we're talking about where claims go awry, where people think there is coverage in their cyber policy and there isn't, what are some of those circumstances?

Bolanle A.: [00:29:14] I could say one major circumstance is in managed service providers aspects. Especially because I deal with a lot of tech, you know, claims and the managed service provider if they get hit with a ransomware, they think that their policy covers the payment of the ransom for their client. It does not.

That is not how it works. You know, the policy will only pay related to you and only you in your systems. That, that's one of the biggest things that, you know, we see, especially in these times right now MSP writers have been getting hit largely because you know, they're able to propagate it to those clients really quickly. Right. And that threat actors know that. The other one that I usually see is with hardware costs, like physical hardware. You know, some CIRA policies it's included and some it's not. So, they really, really have to look at it.

And we also say, you know, with hardware, if you have to replace hardware, also put your property carrier on notice. Right. Because you know, sometimes they have those, sub-limits in the policy to allow for coverage for that. Also related to, you know, ransomware as far other things, you can also look at your kidnap and ransom policy as well, related to cyber extortion.

You know, th th those are a couple areas that stand out where people think that things are typically not covered or are covered that are not, it's just the hardware and the ransom. But I just want to throw a little side note, but they kidnap and ransom because some people forget about it. Because a lot of these ransom demands of recent had been in the multimillion dollars and if the insured has a cyber policy that's only a million dollars or 2 million, and the note says 10 million, obviously that's not enough coverage. So, you definitely want to make sure that you're letting everybody know, so you can get as much coverage as possible.

Kara A.: [00:31:39] So let's, let's talk a little bit more about ransomware. Do you have any advice for insureds on how to effectively work with their carrier in the midst of a ransom incident?

Bolanle A.: [00:31:50] Share the information requested as quickly as possible. So that way, you know, we're in a position to ascertain coverage, get you the providers you need and get you on your way to start making those decisions really to what you want to do next. It being to whether you want to pay the ransom or not. You really just want you to share the information with us.

We're we're only here to help you. We're not here to trap you or anything like that. It's really to assist you because when we know everything, we're able to say, okay, you know, let's look at this, let's look at this, let's look at that. And some people, you know, are willing to share all the information upfront and then some people are a little hesitant because they're not really sure, but when they realize that you're, you're really just trying to help Then they know, okay, and that's when they get it, they give you everything. And you're like, okay, this is what we should do. So that's just really, I think the biggest advice I can give to any insured is really to share all the information as quickly as possible that's requested of you by the carrier.

Kara A.: [00:32:59] Staying on the topic of information on having all of that. One of the things we know that comes along with ransomware, a fair amount of time is business interruption. We'll also see that with breaches. So, what advice do you have for insureds for gathering all that information and, and calculating those business interruption costs, because that can be a pretty challenging task.

Bolanle A.: [00:33:23] Yes. Business interruption costs are very, very challenging. It's a, it's a hard, it's a hard thing to do once everything is settled down. One thing I would I say is focus on your business interruption until after the entire incident has been complete. So, if you've, you don't worry about it while you're in the incident.

Right. You want to deal with it after just make sure, like, at least you're documenting everything you're doing and why you're doing what you're doing because putting those costs together can be time very timely and sometimes very costly. Depending on how it is, I can say with me and at Beazley, you know, we always say, have a discussion with us first.

Say, okay because we have a proof of loss form. We give it to the insured and we say, okay, this is the form you should fill out. There, it's a multiple. It's very, very detailed. Very, very specific. So that way it can kind of give you like a guide of what you're, you're wanting to submit because sometimes insureds forget things. They're like, Oh, I don't, I didn't remember that charge, but they oh, we paid for this thing and we paid for that thing.

Okay. Let me see if I can get covered for it. And we, and we really delineate it there. So that way, we can make it an easier process. And if they think it's going to be something that's very large, you know, they should hire someone, you know. I know, you know, some brokers do have those in-house people that do assist in putting together those business interruption claims and they should utilize them.

They should truly utilize that because it makes it easier when you submit it to the carrier, because the carrier's going to have someone or a forensic accountant looking at it as well. So that way, as I call it the forensic accountant to forensic accountant talk, right. They understand each other and they have those conversations.

They'll say, well, we need this. And they say, okay, we need this. And they know, and they can get that information and do it with each other quickly. And you know, some policies I can say for the Beazley policy, we provide an additional 50,000. That's obviously included within your limit of liability. That covers costs provided to assist you. So, you know, I always tell people upfront, take advantage of that and, and use it because it will help you because if you tell them what you want to claim, they will tell you, okay, either you can't claim this based on your policy, but you can claim this, this and this. Do you have any of that? And kind of walk you through the documentation that's needed to ease the process.

And I think brokers should really get involved to assist in giving the insured and set their expectations because sometimes, you know, people want to give everything and that's great. We know, you know, you want everything to be current, but you know, again, this is a policy, it's a contract, certain things are just not covered.

And I think, you know, having great brokers like McGriff, you know, to assist in that makes the process a lot easier and not as challenging.

Kara A.: [00:36:34] Well, speaking of great brokers, like McGriff, let's end our conversation on w- what advice would you give to insureds for how to use their broker and how to engage their broker during the midst of a cyber incident?

Bolanle A.: [00:36:48] The best way to really engage and effectively use your broker after you submitted to us is to tell them, okay, this is what I did. This is what I want to do. Do you think my policy this? And as a broker I really feel like, you know, and I know you guys do this a lot and we're appreciative you pick up the phone and call a claims handler and say, Hey, my client wants to do A, B, C, and D. You know, I looked at the policy, this is what I see.

Does this look like something that could potentially be covered? And we could say, yeah, it could be. And we, and we have those very frank conversations because what we don't want to happen is that the insured does something, spends all this money comes to us and we're like, that's not covered. And then it ends up being a bigger challenge. We don't want that. We want to be able to say, okay, you know, this is what's covered. This is why, this is how the policy works. It's a bigger deal because every policy by every carrier is different. They are people forget that they are like, Oh, well, Beazley does it this way.

But you're talking to a CNA person, right. Or CNA, and you know, this other insurance company does it this way, but you're talking to Beazley. You have to understand every policy is different. Every policy has different definitions. Every policy is triggered a different way. So, people need to remember that.

And I think that's how the brokers are super effective when they're explaining to the insured, I understand that, but this is how this policy works. But I think the biggest overarching theme in my answer is the broker just needs to pick up the phone and call the claims handler and have that discussion with them. Because I think that right there will make it so much smoother just in case, you know, the insured either doesn't understand what the claims handler is saying and, or, you know, believes the policy should work a certain way. And, you know, we say that's not how it works, but when they speak with the broker and the broker reiterate how the policy works, I think it makes it for an easier way to be able to say, okay, this is what we're going to do.

And the relationship going forward until, you know, the close of the claim.

Kara A.: [00:39:19] So it sounds like one of our jobs as a broker is to translate, advocate for our clients, and it sounds like help them through the process because a cyber claim is definitely a process.

Bolanle A.: [00:39:32] Yes. It's definitely a process and people need to understand that it's not something that needs to be rushed. You know, we try to take our time to get it right. In the beginning it's rushed, right? Cause you try and get everything done. But once that immediate emergent is over, you got to let the process take its course. In letting the process take its course it it's, it's easier said than done. But when I speak with my insureds and have those conversations with them, and they're like, you know, the first thing I asked them, how are you doing?

And they're like, Wait, why would you ask me that? I'm like, because I need you to take a breath because the process, and this is what's going to happen. And when we explain it, they're like, you make it sound like this is going to be so easy. I'm like, I promise if you follow our advice, it will be. And 99% of the time when they do, they're like, oh my God, you are right.

And you know, as they say, it's great working with you, Bolanle, but I'd never want to see you again. And I get that and I get it. But that's how we want to make it. And we want to make it that they understand that, you know, we want them to get as painless as possible. Although they're going through this worst time ever, we want to make it as painless as possible.

And I know we do do that.

Kara A.: [00:40:54] Well, I think that's a great point of which to end, just to remind folks to breathe, to slow down a little bit when these cyber claims happen, call your carrier, call your broker, and they'll help you avoid all of the other mistakes you could be making. So Bolanle, thank you so much for your time and thanks to all of you out there listening.

And we appreciate you joining us on our series here at McGriff and stay tuned for the next one.

Insurance products and services offered through McGriff Insurance Services, LLC, a subsidiary of TIH Insurance Holdings, LCC, are not a deposit, not FDIC insured, not guaranteed by a bank, not insured by any federal government agency and may go down in value.

McGriff Insurance Services, LLC. CA License #0C64544