Travelers vs. ICS: Misrepresentation and Your Cyber Insurance
Imagine getting hit by a cyber-attack that ends up costing you millions of dollars and enduring a class action lawsuit served by your own clients. That's already a tough experience. Now imagine that in the middle of all that, your cyber insurance provider files to nullify your policy. Not only do you have to go through the experience without help from your insurance company, but now you're also being asked to reimburse services already rendered.
That's what happened to a Decatur, Illinois-based electronics manufacturing services company, International Control Services (ICS).
On July 6, 2022, Travelers Insurance filed a document asking the US District Court for the Central District of Illinois to declare their insurance contract with ICS null and void. The insurer wanted to rescind its cyber policy because ICS allegedly misrepresented its use of multi-factor authentication (MFA).
But what does that have to do with your business and cyber insurance policy? For one, the rare court filing has the potential to be a landmark case. It could leave lasting implications regarding how insurance companies deny claims based on misrepresentation. In addition, it can help you navigate coverage claim pitfalls and prevent the same outcome from happening to you.
At ITS, we are a security-focused IT support company dedicated to helping you make smart decisions on cybersecurity by sharing our insights. In this article, we're going to dive into what went wrong in the Travelers vs. ICS issue and what you can do to avoid the same situation with your insurer.
Travelers vs. ICS: What Went Wrong?
According to the document filed by Travelers, ICS submitted a cyber policy application signed by its CEO saying that they used MFA for administrative or privileged access. However, just weeks after ICS received the policy, the Decatur-based firm was hit by a ransomware attack, prompting an investigation. Travelers found that ICS "only used MFA to protect its firewall, and did not use MFA to protect any other digital assets."
In Travelers' point of view, that proved that the statements ICS made in the application were "misrepresentations, omissions, concealment of facts, and incorrect statements" – all of which "materially affected the acceptance of the risk and/or the hazard assumed by Travelers." In layman's terms, the insurer is saying that if they had known ICS wasn't using MFA properly, they would have never approved the policy.
It's important to keep in mind that details regarding the issue haven't been made public. So, for now, it's the insurer's word against the insured. After all, misrepresentation is also a common defense against providing coverage for claims.
However, if the allegations are true, they can be used as grounds for a rescission of the contract. To do that, Travelers has already started by filing a legal document to the court asking to nullify the agreement. The court will then have to decide whether to rescind the policy. They may declare that the insurer has no duty to indemnify or defend ICS for any claim.
Depending on how the court decides, it could end up as a landmark case that's used as a benchmark for denying claims based on misrepresentation.
How to Avoid Claim Denial Due to Misrepresentation?
As cybercrime rates rise, so do the rate of claims. It's no wonder insurers will tend to push back when you submit one. In fact, scrutinizing your answers to their policy applications has become a standard step in many claims investigations. It raises the bar and presents pitfalls like misrepresentation and omissions that can potentially deny you your coverage.
Take a look at some general rules of thumb that will help you avoid claim denial due to misrepresentation:
Be Factual in Your Application
Meeting compliance goals can be a tall order. It's an arduous and expensive process that takes up a lot of your time and resources. It's so tough that bending some of your answers can be pretty tempting while filling out the policy application. Hold that thought. Misrepresenting on your application or withholding information is the fastest way to get a claim denial.
Insurers will scrutinize your application when you submit a claim, and if they find any inaccuracy, they will act on it. That could forfeit any protection from your policy, leaving you high and dry after an attack.
Know Your Network Inside Out
Misrepresentation isn't the only way to get a claim denial. Wrong answers given in the application process can also leave you with gaps in coverage. The problem is that some insurance application forms can be very technical. For that, you must have someone who has a thorough understanding of your network and security to give factual answers.
Read the Fine Print
Know the ins and outs of the policy you are applying for. Read the terms and conditions, clarify any vague phrasing, and double-check the requirements. Claim denials often happen because the insured didn't read the fine print well enough or missed critical details hiding in plain sight.
Get Help from Security Experts
Whether it's conducting a thorough security assessment or helping you with your compliance goals, a security expert from an IT support company can make a huge difference. Your IT team might be busy with the day-to-day upkeep of your technology to focus on beefing up your security to meet compliance. Or, it could be the other way around where your team is too focused on compliance to bother with putting out fires. We all need help sometimes, and a reliable managed service provider (MSP) can fill that gap.
Ready to Avoid Claim Denial Pitfalls?
The Travelers and ICS spat is a tough situation that could impact how insurance companies deny claims due to misrepresentation in the future. However, it is avoidable if you are factual in your application, know your network inside and out, read the fine print and get help from security experts.
ITS is dedicated to helping businesses meet their compliance goals by sharing our insights and expertise. To learn more about getting the right policy for your company, check out our article entitled: How to Choose the Right Cyber Insurance for Your Business.