Rarely do claims professionals play a role in limiting liability, often because a loss has already occurred by the time they receive a new matter. That is one of the biggest differentiators in specializing in cyber-related claims, according to our next most-memorable claim interviewee, Christine Flammer.
Now a team leader in Cyber/Tech/Media for AXA XL (a division of AXA), Flammer has been handling cyber claims for more than a decade. She has a wealth of hands-on experience guiding insureds through catastrophic events, which helps to highlight the importance of including claims professionals on a crisis-response team. Here is what she has to say about her role and what she learned from one of her most memorable claims.
From your experience handling cyber claims—something that not all claims adjusters have experience with—what makes this program so unique?
“I think it is the immediacy and severity of these incidents that are most striking when compared to other lines of businesses. The moment a new incident comes in, the clock is ticking; an entire business has shut down completely as the result of a cyber event, and it is an all-hands-on-deck situation.
“In many other types of claims, a loss professional has time to review the claim, look at the coverage, and—in the event of a lawsuit—plan out the litigation strategy and defense. Cyber claims do not have the benefit of time—we are typically up against really tight deadlines.”
In your years of handling cyber losses, what claim stands out to you as most memorable?
“A few years ago, I answered a call that came through our 24/7 data breach hotline late one Saturday night. The insured was in the midst of a ransomware event. One of the company’s executives was traveling at that moment to meet a Bitcoin broker at a roadside coffee shop—with $40,000 cash on hand—to try to pay the ransom demanded by the hackers.”
This sounds like something out of a movie. How did the case resolve?
“In this situation, it was too late to call off the drop—the executive was already meeting with the Bitcoin broker. However, we were able to quickly connect the insured with the necessary vendors, including privacy counsel and forensics, to ensure things went smoothly from there on out.
“Fortunately, once the ransom was paid, the criminals returned the stolen information. We brought on additional vendors to work on the restoration efforts. People assume that once you make the payment in this kind of scenario, everything goes back to normal, but restoration is usually a long and tedious process. In this instance, we were able to get the company back up and running quickly.”
Of all the claims you have handled, why have you chosen to speak to us about this one?
“This claim is the perfect example of what often happens when insureds experience a cyberattack: they panic. Who could blame them? Their entire business was essentially shutdown. At the time, companies were not training or planning for this type of breach like they are now. Imagine how panicked you have to be in order to decide that meeting a complete stranger with $40,000 in cash shoved into a bag is a good idea!
“This case really opened my eyes to the rash decisions people can make when their companies are on the line. Even very smart, capable businesspeople need someone to have their backs and help them figure out what needs to be done. They need someone to say, ‘Let’s not just make any decision; let’s make the right decision.’”
Were there any additional lessons you took away from this incident?
“First, it is critical for businesses to have this kind of insurance. The moment a company is faced with a breach or threat, they can call us for help and we will work to put an experienced team together to determine the effect the incident may have on the business, whether a ransom payment is advisable, and how to make the payment if one is deemed necessary.
“Second, cyber claims professionals become part of the insured’s crisis response team. It is a unique privilege to be able to guide a client through such a catastrophic event. One thing we try to impress upon our insureds is how they might unknowingly yet significantly increase their liability through their response to the crisis. A cyber breach is not a problem they can brush under the rug. If there should be some regulatory action or litigation as result, we want to put our best foot forward. It is important to collaborate with insureds to handle the situation correctly from the outset.
“While insureds may experience one or two breaches in their entire professional lives, cyber claims professionals handle breaches every day. Businesses suffering from a data breach or cyberattack are victims of a crime. While they might panic, we are there to guide them through a response as smoothly as possible.”