Covering up incidents leads to contract nullification
Breaches and cybersecurity events have an extensive history of being “brushed under the rug.” Whether out of misplaced embarrassment or a genuine attempt to skirt regulatory penalties, it’s never a good thing. Why?
While we “assume” an enterprise follows an ironclad moral philosophy, history shows businesses will take shortcuts where they can. Therefore, not disclosing the full details of a breach event isn’t really out of the ordinary. Yes, in some cases it’s caused by an organization not having a complete audit, but in reality, it’s mainly to misrepresent the actual damage caused by a malicious intrusion.
The problem is, doing so doesn’t protect a company’s brand image, and down the line, will only make things worse.
- It puts customers and client data in jeopardy if you’re not straightforward about the impact of a breach event
- It paints your enterprise as inherently deceptive and one that “cuts corners”
- The problem will not be properly addressed to prevent further intrusion events
And finally, it will void your coverage with a cybersecurity insurance provider.
Transparency with a provider
Just like with any insurance company, you have to paint a clear picture of an intrusion event. Today, cybersecurity insurance is rapidly growing in use and implementation. That’s because malicious events are a matter of expectancy, rather than the exception. Eventually, everyone is hit by malware in some form. Therefore, a business without some form of cybersecurity insurance is asking for trouble.
But let’s assume you’re wise enough to invest in some level of coverage. Providers will always investigate a breach event after the fact, like with any emergency scenario. Yes, it’s tempting to try to fuzz the truth in order to get additional benefits and payments to cover “damages,” but know that providers do thoroughly inspect all details related to the malicious scenario.
It doesn’t take a genius to know that if after the inspection some level of fraud is found, the contract is nullified. That means you’ll be required to remit payment, and potentially lose your contract(s) with the provider.
How can I be transparent with a provider?
It’s a good question to ask, even if the answer seems obvious. “Well, I’ll just be honest!” you might say.
That’s definitely the right approach. But insurance providers (and even regulatory bodies) are looking for correct details about an event, so it’s important to be accurate. Even a well-intentioned report that is transparent could potentially see some hurdles later on if investigations find unreported details that weren’t previously known about.
Remember, while an insurance provider for cybersecurity is there to help, they’re going to look to cut down on costs too.
It’s also incredibly important to cover every aspect of a breach event so you don’t shortchange your business. If you don’t report something, it won’t be covered. Granted, all providers are different and there’s no guarantee a reported incident will receive coverage for all aspects of said event. But for reasons of both keeping coverage and getting financial resources, transparency is still critical.
Consider the facts: we are growing reliant on technology for everyday tasks. Convenience and automation are integrating into personal life and business models. Therefore, companies will want a cybersecurity insurance policy just as you would with auto insurance. In other words, expect it to be a common practice.
For that reason, always maintain transparency, because it could cost you in the end.