Cyber Insurance Claims: Expert Advice on Crisis Management and Why Hiding a Breach is a Major Mistake
Cyber attacks are no longer a distant, abstract risk. They are a clear and present danger for businesses of all sizes. When a breach occurs, how you respond can determine your company's survival. We spoke with crisis communication expert Dr. Hubert Becker, Managing Partner at Instinctif Partners, to understand how companies should prepare for a cyber incident and the vital role cyber insurance and proactive planning play in resilience and recovery.
The Evolving Cyber Insurance Market: Ransomware and Restrictive Terms
Insurance Journal: The cyber insurance sector is maturing, and claims are rising. The market is reacting—a prominent example is the AXA Group announcing it would no longer cover ransom payments as part of its policies. Is this just the beginning? Will other providers follow?
Dr. Hubert Becker: The topic of ransom payments is constantly debated. Communicating about it is as difficult as the decision of whether to pay. It should only ever be the last resort. Considering regulatory and legal challenges—such as money laundering and terrorist financing laws—I expect more restrictive decisions on this front in the future. Ultimately, whether to engage with ransom demands is also a question of corporate stance. We've found that showing backbone in communication can be effective.
Our study "Quo vadis Cyber-Insurance" also shows that providers are taking a more restrictive path with pricing and policy conditions. The market will continue to grow but will also become tighter. Issues like "silent cyber" and accumulation risks remain unresolved.
Positioning for Success: The Value of Assistance Services
Insurance Journal: How can providers position themselves to succeed or remain successful in this market?
Dr. Becker: The biggest motivators for purchasing cyber coverage are still concrete loss experiences, now followed by public reporting on cyber incidents. In the event of a claim, affected companies need immediate help. Therefore, assistance services—including technical and legal support, crisis management, and crisis communication—are a primary selling point for cyber policies. By offering a comprehensive service spectrum, insurers (and brokers) can position themselves as competent partners in solving cyber risks.
The Impact of COVID-19 and Remote Work on Cyber Risk
Insurance Journal: The COVID-19 pandemic is often seen as a digitalization driver. However, remote work is also said to have increased cyber risks. Does the Instinctif "Cyber-Insurance 2021" study confirm this?
Dr. Becker: Naturally, the causal influence of the COVID crisis on demand and loss development cannot be definitively proven. But the assessment of market participants clearly shows they assume a significant impact from the pandemic and the changes it caused—including increased remote work—on IT security. About 70% of the insurers and brokers surveyed see an influence of COVID on loss development. The primary factor is likely the significant digitalization push, which has increased risk exposure across many sectors.
This is also apparently reflected in the demand for cyber insurance coverage. 76% of insurers and 89% of brokers believe demand has increased due to COVID.
Key Risks for Companies During a Cyber Attack
Insurance Journal: What are the main risks for companies during a cyber attack?
Dr. Becker: You must distinguish between technical risks, data protection issues, operational and financial consequences, and reputational risk. The latter results from the former but is also a standalone risk concerning the perception of the entire company when affected by a cyber attack. This is certainly a reason why companies now have reputational risks high on their agenda.
Financial consequences can likely be covered by insurance solutions. However, business interruption due to IT failure or the loss/compromise of data remains a massive operational problem. Additionally, with hacker attacks, it's hard to assess when the crisis is truly over. Stolen data can surface or be misused long afterward.
The Critical Role of Crisis Communication
Insurance Journal: What role does crisis communication play in an emergency?
Dr. Becker: We have developed a set of seven guiding questions to make an initial assessment of how urgent clear and swift communication is. This particularly concerns the extent to which the affected company maintains control of the narrative and doesn't fall into a reactive-defensive position that can quickly turn into justification.
Regardless, there is always a communication need in a crisis. The target groups of employees and business partners are usually the first affected. Uncertainty or even rumors are poison for crisis management—because you need your employees to solve the problem. And without the trust of business partners, it becomes difficult to survive the crisis and return to normal operations.
Therefore, silence or cover-up is a major mistake. Companies that delay communication have historically achieved significantly worse outcomes in the aftermath than companies that handled communication proactively. Extensive empirical studies show this.
Preparing for a Crisis: Advice for SMEs
Insurance Journal: Can you give tips on how small and medium-sized enterprises (SMEs) can prepare for such a crisis?
Dr. Becker: Small and medium-sized enterprises often lack both the IT competencies to handle attacks professionally and crisis-experienced communication departments with the corresponding infrastructure. This is precisely why insurers are helpful—they offer not only insurance coverage but also a corresponding assistance network. This is a real added value of a cyber insurance policy.
It is also advisable to deal preventively with the "worst case." This starts with a risk analysis, includes creating a crisis plan, and ideally involves a simulation exercise. Such a process ensures a company remains capable of action even if the entire infrastructure literally collapses—so that neither operational systems run, nor access to data and files is possible, while simultaneously the phone system and email are down. This sounds like an extreme scenario, but it is totally realistic.
The prevention itself doesn't have to be extremely labor-intensive. A few "basics" often help to avoid the worst situations in the initial phase. But unfortunately, such projects often run under "Priority 3"—and are never implemented.
Insurers and brokers struggle with high backlogs in claims management, rising claim frequencies, skilled labor shortages, and growing customer expectations. Manual processes are expensive and slow.