Managing Cyber Incidents: Insights from Industry Experts
When a cyber incident strikes, speed, coordination, and clear communication are critical.
In a recent webinar we hosted with Intelligent Insurer, we brought together claims professionals, breach counsel, forensic experts, and data analytics specialists to share best practices on responding effectively and mitigating risk.
Here are key takeaways from the discussion.
Build Trust from the First Call Onward
Early triage sets the tone for the entire response. Clear communication, quick fact-gathering, and establishing rapport with the insured are key.
Pam Ellingson emphasized the importance of having claims professionals stay with a client throughout the process:
“When an insured calls in, we can open a claim immediately and guide them from start to finish. Early reporting means we can assemble breach counsel and forensics within minutes.” — Pam Ellingson, Coalition
Colin Battersby highlighted the human side of incident response:
“For the insured, this may be the worst professional day of their life. It’s crucial to build rapport early, reassure them they’re in good hands, and make clear we’ll run this operation with experienced partners.” — Colin Battersby, McDonald Hopkins LLC
Ensure Data Mining and Notification Precision
Precise analysis avoids unnecessary notifications and reduces exposure to class action lawsuits. Make sure you have your data mining needs covered well. Integreon plays a central role in data analytics, mining, and notification services that support compliance and litigation defense.
“We don’t want to over notify. Data mining helps us identify exactly who needs notice and exclude those who don’t, which can significantly reduce the potential class size.” — Colin Battersby
Don’t Underplay the Role of Forensic Accounting
Business interruption claims can be complex and require early involvement of forensic accountants to clarify losses and manage expectations. Involving forensic accountants early in the claims process helps clarify calculations and assists in preparing proof of loss, making the process smoother. Financial losses tend to crystallize over time (after the dust has settled) therefore building trust early in the process is paramount.
“We don’t want to over notify. Data mining helps us identify exactly who needs notice and exclude those who don’t, which can significantly reduce the potential class size.” — Colin Battersby
Prepare for Litigation, Even If There is No Risk of Litigation in Sight
With class-action lawsuits following cyber incidents on the rise, organizations should assume litigation risk from the outset. Accurate data mining and targeted notifications are crucial defenses.
“Being precise in notification is critical. Over notification increases class size and exposure. If no actual damages are alleged, we have a strong chance of getting cases dismissed.” — Tim Lowe, McDonald Hopkins LLC
Summary
To recap, here are the main learnings from this discussion with experts with distinct but complimentary roles to be played in post cyber incident response:
- Act fast: Assemble breach counsel, forensic experts, and claims handlers immediately.
- Build trust early: Provide reassurance and transparency throughout the process.
- Mine data precisely: Avoid over notification to limit class action risk.
- Engage experts early: Forensic accountants and legal counsel help manage expectations and strengthen defenses.
- Communicate clearly: Coverage, limits, and timelines must be transparent to maintain trust.
Cyber incidents are stressful and complex, but with coordinated teams, accurate data analysis, and clear communication, organizations can contain risk and move forward with confidence.