Navigate Claims from Cyber Events in Your Supply Chain

On July 19, 2024, CrowdStrike became a household name after businesses large and small around the world saw their operations come to a halt when they were met with a “blue screen of death” as a result of a faulty software update from CrowdStrike. Though this has been the largest event of its kind, it hasn’t been the first. The widespread impact of outages highlights the fragility of a digital supply chain dependent on a few providers for key services and tools, and why organizations should be prepared to respond to such events.

If your organization experiences a cyber event due to a vulnerability in its digital supply chain, you’ll want to know what to expect and how to respond. Additionally, if the source of the cyber incident proves to be a vendor and you haven’t had a preemptive discussion about how insurance fits into the picture, this could lead to significant confusion regarding financial liability.

Understanding your insurance coverage and being proactive and prepared for the claims process will likely expedite your access to remediation services, forensics efforts, and financial reprieve. The claims process can be complicated, especially when it’s unclear whose policy will respond to cyber events, but it doesn’t have to be if you and your partners do your due diligence. Here are some tips that can help you be prepared.

Before anything happens

• Compile a list of all your vendors and understand the ways they might impact your organization’s cybersecurity by conducting third-party risk assessments and quantifying potential losses against your company’s balance sheet. Learn more about how to quantify your cyber risk with this guide.
• Vet your third-party vendors’ approach to cybersecurity and ask the right questions. We’ve put together this useful guide with questions you should consider asking them.
• Request certificates of cyber insurance because you want to make sure your supply chain partners have the resources to respond quickly, remediate the situation, and contain the damage.
• Consult with your legal expert regarding any contractual language and the implications for your organization and the other party in the event of a cyber incident.
• Know if there are any deadlines you will have to adhere to when submitting a claim, and know the contact information for claims submissions.
• Consult with your third-party vendors and have a conversation with them to ensure they know what to expect from the claims process with their cyber insurer.

Submitting a claim

• Know what the claims process will entail for your insurer so that you can be ready and have the process go as quickly as possible.
• Time is of the essence, which is why you won’t want to wait to notify your insurer if you suspect something is wrong. Even if it’s yet to be seen which party is at fault, you’ll likely still have access to counsel and forensics services. Insurers utilize preferred vendors, which provide discounted rates and a wealth of knowledge.
• Gather necessary information, documents, and evidence, which likely includes the date of the incident, number of compromised records, and a list of your regulatory reporting obligations.
• Contact your cyber insurance advisor so that they can help guide you through the claims process and advocate on your behalf if issues arise.

Picking up the pieces

• Remediate any identified issues that caused the breach if you were found to be at fault.
• Reevaluate your partnerships and third-party cybersecurity exposures, being sure to probe for details that might prevent a similar event from happening in the future.
• Stay up to date regarding cybersecurity trends and best practices.
• Consult with your insurance advisor regarding your cyber insurance renewal to help avoid declination.

Connect with The Baldwin Group’s Cyber Center of Excellence today to discuss your supply chain cyber risk, and all aspects of your cyber risk strategy.