By: travissholt
August 29, 2018
Get Your Technology Vendors to Pay for your Cyber Claims
By: travissholt
August 29, 2018
It is estimated by some experts that as many as 95% of cyber incidents are the result of a failure by one of your vendors.
As large-scale data breaches and other cyber incidents continue to make national headlines, it is important for companies to think about how they are prepared to pay for a cyber incident WHEN, not if, they are hit. The easy answer is cyber liability insurance but there can still be negative impacts to the affected business. Deductibles, future renewal increases, exhausting limits, and the potential for exclusions in poorly written cyber policies are all risks companies face even if they buy a cyber liability policy.
One way a company can reduce their financial risk is by properly transferring technology risk to their vendors and subcontractors who have a high likelihood of being responsible for the cyber security incident. This is done up front during the initial contractual negotiations and is typically an easy conversation to have with the vendor; general contractors have been doing this for years with their subcontractors.
IF YOU DON’T READ ANYTHING ELSE, READ THIS: The key to the entire contractual risk transfer is that you require your vendors to carry insurance to support the risk transfer. Without the insurance in place to provide the funds for defense and settlement, you are likely stuck going after the vendor in court. And unlike subcontractors mentioned above, technology companies typically lack the physical assets you can go after.
The product would allow companies to easily analyze critical vendor contracts for risk related items, insurance requirements, and diligence the insurance policies. It would then assess the contractual gaps based on the tasks performed by the vendor. So an example would be a payment processing vendor.
You would download the documents into the portal to include the vendor contract and the vendor's insurance certificate. At the beginning of the process, you would tell us they are a payment processing vendor and our algorithm will identify where we see claims and what the biggest area of risk is created by that type of vendor. Our AI/big data platform would analyze the contract, analyze the insurance certificate and cross-reference that with the carriers and policy forms in the database. We would then give you a quick snapshot of the significant risk factors not transferred contractually to the vendor and the areas transferred but that their insurance program may not provide proper protection leaving the risk transfer unfunded.
In short, you could download the contract and insurance cert and get a quick snapshot of the risk factors and potential cost you would assume contractually due to a failure of that vendor.
If you properly transfer risk to your technology vendors and subcontractors to include insurance requirements, they will reduce the financial impact a cyber incident will have on your balance sheet.