Claims expert: 4 things to avoid if you suffer a cyber incident

What’s the key to a smooth claims process when you suffer a cyber incident? We spoke to Ashley Burdon, Cyber Claims Manager, CFC, to get answers. Here are four big things he says to avoid—and advice on what you should always do.

Cyber Article 2 min Tue, Dec 5, 2023

Sorry, but we have some bad news. Your business is suffering a cyber incident and it’s made your computer systems and data inaccessible. Naturally, you’ll want to react quickly, activate your insurance cover with CFC and minimize the impact of the incident. But taking the wrong actions can play out negatively down the line, as you go on to make a claim. 

We sat down with Ashley Burdon, Cyber Claims Manager, CFC, to unearth common actions that can actually end up harming the claims process. Read on for four big things to avoid if you suffer a cyber incident, and advice on ensuring the incident is resolved smoothly and effectively.

  1. Engaging vendors before anything else

    In the hurry to get back online, it’s tempting to immediately reach out to different vendors you believe will help resolve the incident. But since there are many nuances to consider, doing so will only slow the process down and potentially have a negative impact on your claim. What if the incident isn’t what it first seemed? Can the selected vendor offer the level of service required for your size of business? Will the cost of a vendor exceed the amount covered by your policy? 

    These are hard questions to answer, which is why we’re here to help. By contacting us straight away, our expert remediators will analyse the demands of your specific case. We’ll then reach out ourselves to trusted partners we know can help bring this type of incident to resolution. 

  2. Negotiating the ransom yourself

    Negotiating with threat actors is a balancing act where one false move can result in disaster. Say you try to bargain down the price of a ransom too far, and motivate the threat actor to increase the ransom even further. Or worse, what if they end up publishing sensitive data in retaliation, resulting in a PR disaster for your business.

    To avoid these pitfalls, we have a global team of specialist negotiators ready to respond on your behalf. Using their extensive threat intelligence channels, knowledge of the particular ransomware group and severity of the cyber incident, our experts will act in your interest in high-pressure negotiations, giving us the best chance of settling a reasonable ransom figure.

  3. Restoring data on your own

    If it was easy to restore data, cybercriminals would be out of a job. One slight error when attempting a fix can end up wiping out everything, even if your backups hadn’t originally been destroyed. That’s not all. Sometimes the entire database isn’t affected by a breach. But erasing digital artefacts means you can’t tell who has been impacted, forcing you to notify the entire database regardless and leaving you worse off. Data erasure also makes it difficult to assess the exact nature and impact of the incident, which is essential in fixing, restoring and compensating the claim.

    Fortunately, we’ve built the largest in-house incident response team in market, offering deep technical expertise to restore your data, repair your computer systems and get your business back up and running. What’s more, by leaving this tricky task to us, you can focus on what matters most: your business.

  4. Disclosing too much too soon

    When an incident occurs, businesses often have an obligation to make a public statement. But once a statement is out there, there’s no going back; the incident could turn out to be less serious than first feared, but the reputational damage would already have been done. 

    It’s important to strike the right balance. Saying too much too soon can damage reputations and mislead customers, so it’s best to reveal only the necessary details until we learn more. If you want to release a statement, or have an obligation to, get in touch and we’ll provide access to the professionals you need to get the balance right, from legal advice to crisis communications. 

What should you always do? Contact CFC first.
When you learn of a cyber incident, the first thing you should do every time is contact CFC. Thankfully, our Response app makes this quick and easy. In just a few clicks, you can report an incident and access expert technical support for any challenge you’re facing. 

It’s easy to go to panic stations at first sight of a cyber incident. But we’ve built a team that specializes in remediating them. So, if you’re ever faced with a cyber incident, follow this golden rule to make your claims process friction-free. Just contact CFC first. 

At CFC Summit, our panel of cyber experts was on hand to answer your burning questions. Hear more from our claims expert, Ashley Burdon, by watching the session on demand here.