Call Today

+1 440-322-ILER(4537)

}
Hours

Mon – Fri, 9am to 5pm

Tech Blog

your go-to resource for all things tech! Stay updated on the latest trends, industry insights, and expert tips to navigate the ever-evolving world of technology.

3 Times Businesses Were Denied Cyber Insurance Payouts

by | Sep 29, 2022

[kc_row use_container=”yes” force=”no” column_align=”middle” video_mute=”no” _id=”151602″][kc_column width=”12/12″ video_mute=”no” _id=”800307″][kc_column_text _id=”635611″]

Cyber insurance is a type of insurance that protects businesses from financial losses that can result from a cyberattack. While it’s an essential tool for businesses of all sizes, there are some facts you should be aware of before purchasing a policy.

Just because you have cyber insurance, it doesn’t mean you are guaranteed a payout in the event of an incident. This is because you may not have the correct coverage for certain types of cyberattacks or you might have fallen out of compliance with your policy’s security requirements. As a result, it is critical to carefully review your policy and ensure that your business is adequately protected.

Learn from the past

Here are three real-life examples of denied cyber insurance claims:

Cottage Health vs. Columbia Casualty

The issue stemmed from a data breach at Cottage Health System. They notified their cyber insurer, Columbia Casualty Company, and filed a claim for coverage.

However, Columbia Casualty sought a declaratory judgment against Cottage Health, claiming that they were not obligated to defend or compensate Cottage Health because the insured didn’t comply with the terms of their policy. According to Columbia Casualty, Cottage Health agreed to maintain specific minimum risk controls as a condition of their coverage, which they then failed to do.

This case reminds organizations of the importance of reading their cyber policy, understanding what it contains and adhering to its terms.

BitPay vs. Massachusetts Bay Insurance Company

BitPay, a leading global cryptocurrency payment service provider, filed a $1.8 million insurance claim, but Massachusetts Bay Insurance Company denied it. The loss was caused by a phishing scam in which a hacker broke into the network of BitPay’s business partner, stole the credentials of the CFO of BitPay, pretended to be the CFO of BitPay and requested the transfer of more than 5,000 bitcoins to a fake account.

Massachusetts Bay Insurance stated in its denial that BitPay’s loss was not direct and thus was not covered by the policy. Massachusetts Bay Insurance asserted that having a business partner phished does not count as per the policy.

Although BitPay is appealing the denial, this case emphasizes the importance of carefully reviewing insurance policies to ensure you understand what scenarios are covered. This incident also highlights the importance of employee security awareness training and the need to reach out to an IT service provider if you don’t have a regular training policy.

International Control Services vs. Travelers Property Casualty Company

Travelers Property Casualty Company requested a district court to reject International Control Services’ ransomware attack claim. The company argues that International Control Services failed to properly use multifactor authentication (MFA), which was required to obtain cyber insurance. MFA is a type of authentication that uses multiple factors to confirm a user’s identity.

Travelers Property Casualty Company claims that International Control Services falsely stated on its policy application materials that MFA is required for employees and third parties to access email, log into the network remotely and access endpoints, servers, etc. They stated that International Control Services was only using the MFA protocol on its firewall and that access to its other systems, including its servers, which were the target of the ransomware attack in question, were not protected by MFA.

This case serves as a reminder that when it comes to underwriting policies, insurers are increasingly scrutinizing companies’ cybersecurity practices and that companies must be honest about their cybersecurity posture.

Travelers Property Casualty Company said it wants the court to declare the insurance contract null and void, annul the policy and declare it has no duty to reimburse or defend International Control Services for any claim.

Don’t be late to act

As we have seen, there are several reasons why businesses can be denied payouts from their cyber insurance policies. Sometimes, it could be due to a naive error, such as misinterpreting difficult-to-understand insurance jargon. In other cases, businesses may be maintaining poor cybersecurity hygiene.

An IT service provider can help you avoid these problems by working with you to assess your risks and develop a comprehensive cybersecurity plan. Feel free to reach out for a no-obligation consultation.

[/kc_column_text][/kc_column][/kc_row]

Maximizing Workplace Productivity with a Year-End Tech Refresh

As the year draws to a close, it’s a great time to reflect on how your business has grown and evaluate how your technology is supporting—or hindering—your team’s productivity. In today’s fast-paced, tech-driven environment, keeping your technology updated and...

2025 Cybersecurity Predictions: What Every Small and Medium-Sized Business Needs to Know

Cybersecurity threats are evolving faster than ever. What once seemed like science fiction—AI-driven cyberattacks and quantum computing—are now tangible risks. For small and medium-sized businesses, this isn’t just an IT issue; it’s a business-critical challenge....

Cyber Insurance for Small Businesses: Why You Need It and How to Get Covered in 2025

In today’s world, cyberthreats are no longer just a big-business problem. Cybercriminals are increasingly targeting small and medium-sized businesses (SMBs), which often lack the robust defenses of large corporations. With the average cost of a data breach exceeding...

6 Ways Your Phone Is Tracking You

Your Phone Is Listening… And Tracking You Too! Have you ever casually mentioned a product or service near your phone, only to see ads for it on social media moments later? It’s no coincidence—your phone is listening. But there’s something even more concerning: your...

5 Options If Your Windows 10 PC FAILS The Windows 11 Compatibility Test

As you may have heard, Windows 10 will officially reach its end of life on October 14, 2025. This means that Microsoft will stop offering free security updates, non-security updates, and technical support. While your computers won’t stop working on that date, they...