Cyber risk is manageable. But only if everyone involved in managing that risk is on the same page. Typically, when new cyber threats are detected or announced, cyber insurers notify their policyholders and encourage them to swiftly remediate potential risks. Likewise, if a policyholder notices something unusual, the hope is that they report it promptly.
Yet some policyholders do not call their cyber insurer until it’s too late. There are many reasons why businesses may be hesitant to report. They might not be aware of the threat itself or the severity of an issue, or they may equate informing their insurer of unusual cyber activity with the commission of a costly investigation and that time and effort will be needed to submit a formal proof of loss.
Businesses are judicious in what they report out of concern for substantial costs, increased premiums and other negative repercussions. They sometimes focus more on managing their self-insured retention (SIR) than on the threat and the impact, which can extend beyond the costs covered under a cyber policy and include customer and employee confidence and the business’s reputation.
However, speed and…
