Get Your Technology Vendors to Pay for your Cyber Claims

August 29, 2018 | Views: 13298

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

It is estimated by some experts that as many as 95% of cyber incidents are the result of a failure by one of your vendors.

As large-scale data breaches and other cyber incidents continue to make national headlines, it is important for companies to think about how they are prepared to pay for a cyber incident WHEN, not if, they are hit. The easy answer is cyber liability insurance but there can still be negative impacts to the affected business. Deductibles, future renewal increases, exhausting limits, and the potential for exclusions in poorly written cyber policies are all risks companies face even if they buy a cyber liability policy.

One way a company can reduce their financial risk is by properly transferring technology risk to their vendors and subcontractors who have a high likelihood of being responsible for the cyber security incident. This is done up front during the initial contractual negotiations and is typically an easy conversation to have with the vendor; general contractors have been doing this for years with their subcontractors.

IF YOU DON’T READ ANYTHING ELSE, READ THIS: The key to the entire contractual risk transfer is that you require your vendors to carry insurance to support the risk transfer. Without the insurance in place to provide the funds for defense and settlement, you are likely stuck going after the vendor in court. And unlike subcontractors mentioned above, technology companies typically lack the physical assets you can go after.

The product would allow companies to easily analyze critical vendor contracts for risk related items, insurance requirements, and diligence the insurance policies. It would then assess the contractual gaps based on the tasks performed by the vendor. So an example would be a payment processing vendor.

You would download the documents into the portal to include the vendor contract and the vendor’s insurance certificate. At the beginning of the process, you would tell us they are a payment processing vendor and our algorithm will identify where we see claims and what the biggest area of risk is created by that type of vendor. Our AI/big data platform would analyze the contract, analyze the insurance certificate and cross-reference that with the carriers and policy forms in the database. We would then give you a quick snapshot of the significant risk factors not transferred contractually to the vendor and the areas transferred but that their insurance program may not provide proper protection leaving the risk transfer unfunded.

In short, you could download the contract and insurance cert and get a quick snapshot of the risk factors and potential cost you would assume contractually due to a failure of that vendor.

If you properly transfer risk to your technology vendors and subcontractors to include insurance requirements, they will reduce the financial impact a cyber incident will have on your balance sheet.

Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Ready to share your knowledge and expertise?
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel