Cyber coverage highlights: Unlimited reinstatements

With cyber attacks rising in number, how can businesses protect themselves against the risk of suffering multiple incidents in a single policy period? Discover the value of a new limit for every unrelated claim.

Cyber Article 5 min Fri, Jul 5, 2024

Today’s stark reality is that cyber attacks are growing in both number and impact, increasing the risk of businesses falling victim to multiple attacks in a single year. In this environment, only having access to a single aggregate limit can leave businesses exposed, with a single incident entirely capable of using the full policy limit. To give businesses reliable protection and peace of mind, they need cover for multiple events in the same policy period.

Many cyber insurance policies fall short in this way. But at CFC we built unlimited reinstatements into the core of our insurance product. If a first cyber event wipes out the original policy limit, to ensure a second cyber event is covered we reinstate the limit—helping businesses remain resilient to whatever’s round the corner.


What are unlimited reinstatements?

The majority of cyber insurance providers work with an aggregate limit. Each claim erodes this limit, until the point where no money is left to protect the business—despite them still being a policyholder. If cyber attacks were simple and inexpensive to manage, this wouldn’t be so much of an issue. However, this is far from the case. Increasingly disruptive attack techniques mean that often a single event can max out a policy limit, especially when you take into account the cost of forensics, business interruption loss, remediation costs legal expenses and so on.

If a first cyber event wipes out the original policy limit, to ensure a second cyber event is covered, we reinstate the limit.

It’s easy to see how this can be a significant benefit. Say one month a ransomware attack hits, taking up the full $1 million limit agreed in the policy—no exaggeration considering the average length of downtime after a ransomware attack is 24 days. When three months later the business is disrupted by a second, unrelated fund transfer fraud incident, the policyholder is given a fresh $1 million limit to cover the costs of this new attack.


Business benefits: Multiple limits for the price of one

With a CFC cyber policy, if an initial cyber claim exhausts the full policy limit and the business then needs to make a second, unrelated claim, they’ll receive a new reinstated limit. Allowing for multiple limits, at the cost single premium payment. Not only does this represent better value for money, but it offers vital, long-term protection throughout the lifespan of the policy. Ensuring the business can operate with peace of mind, even after suffering a cyber attack, knowing that their cyber policy will respond to its full capacity if another, unrelated cyber attack hits.

Unlimited reinstatements in action

A manufacturing firm suffered two cyber incidents in as many months, starting with a ransomware attack. The threat actor exploited a VPN vulnerability, deploying ransomware and leaving an extortion note demanding $750,000. After the firm notified CFC, our in-house cyber claims and cyber security team determined the ransom did not need to be paid, and instead helped rebuild impacted systems. In total, the financial losses—including loss of income from downtime, forensic investigation and legal counsel—came to just over $1 million. Luckily the entire cost was covered by the firm’s policy with CFC.

 

Since CFC’s cyber policy provided unlimited reinstatements, the firm still had access to the full policy limit, ensuring they were fully reimbursed.

Unfortunately, the firm then fell victim to funds transfer fraud. Acting on a fraudulent email, an employee directed a significant payment to an account owned by the cybercriminal, leaving the firm out of pocket. Since CFC’s cyber policy provided unlimited reinstatements, the firm still had access to the full policy limit, ensuring they were fully reimbursed.


Market-leading cyber cover

With cyber incidents posing a constant threat, unlimited reinstatements for unconnected claims in the policy period is a vital tool for businesses everywhere.

At CFC we also don’t impose any warranties or conditions specifying security controls or callback provisions for businesses at the time of an incident. Allowing us to focus on what matters, getting a business back online.

 

To see unlimited reinstatements in action, check out this full case study. As always, our team is on-hand to answer any questions. Get in touch here.