06.11.2019

Get Your Technology Vendors to Pay for your Cyber Claims

By Travis Holt

It’s been estimated by some experts that as many as 95% of cyber incidents are the result of a failure by one of your vendors

As large scale data breaches and other cyber incidents continue to make national headlines, it’s important for companies to think about how they’re prepared to pay for a cyber incident WHEN, not if, they’re hit. The easy answer is cyber liability insurance but there can still be negative impacts to the affected business. Deductibles, future renewal increases, exhausting limits, and the potential for exclusions in poorly written cyber policies are all risks companies face even if they buy a cyber liability policy.



IF YOU DON’T READ ANYTHING ELSE, READ THIS: The key to the entire contractual risk transfer is that you require your vendors to carry insurance to support the risk transfer. Without the insurance in place to provide the funds for defense and settlement, you’re likely stuck going after the vendor in court. And unlike subcontractors mentioned above, technology companies typically lack the physical assets you can go after.

The product would allow companies to easily analyze critical vendor contracts for risk related items, insurance requirements, and diligence the insurance policies. It would then assess the contractual gaps based on the tasks performed by the vendor. So an example would be a payment processing vendor.

You would download the documents into the portal to include the vendor contract and the vendors insurance certificate. At the beginning of the process, you would tell us they’re a payment processing vendor and our algorithm will identify where we see claims and what the biggest area of risk is created by that type of vendor. Our AI/big data platform would analyze the contract, analyze the insurance certificate and cross reference that with the carriers and policy forms in the database. We would then give you a quick snapshot of the significant risk factors not transferred contractually to the vendor and the areas transferred but that their insurance program may not provide proper protection leaving the risk transfer unfunded.

So in short, you’d download the contract and insurance cert and get a quick snapshot of the risk factors and potential cost you would assume contractually due to a failure of that vendor.

If you properly transfer risk to your technology vendors and subcontractors to include insurance requirements, they’ll reduce the financial impact a cyber incident will have on your balance sheet.