In the insurance industry, an “endorsement” is used to amend an insurance policy. Endorsements can be used to add items to a policy, amend policy provisions, or update an insured’s coverage. Endorsements also can be used to provide directions to third parties with whom an insured can work if a claim is made under a policy.
Specifically, insured parties can use endorsements in connection with their cyber insurance policies in order to set in advance the outside advisors – e.g., cyber forensic consultants, outside legal counsel, P.R. firms, etc. – that the insured will utilize in the event of a cyberattack, data breach, or other event triggering the cyber policy. Many companies who are victimized by cyberattacks or data breaches often waste critical time in the crucial hours and days after an attack trying to find appropriate forensic consultants and outside counsel. Even companies who have cyber insurance policies often suffer from delays in being paired with “panel” forensic and law firms recommended by their carriers. Moreover, the insured party typically has no prior relationship with the panel firms, which can result in further delays as the consultants and law firms have to obtain a basic understanding of the business and their points of contact before beginning the substantive response efforts that are so vital to success.
By contrast, companies who have thoughtfully utilized an endorsement to designate their preferred third-party advisors know exactly who to contact in the event of a cyberattack, data breach, or another triggering incident. Moreover, designation of cyber forensics firms and law firms in advance of an attack or incident allows the third-party advisors to develop a relationship with the insured and understand the insured’s business before an attack occurs. This substantive knowledge and prior relationships with key points of contact within the company can save valuable time and money, and, often, they can make a significant difference in the result of the response to the attack.
Developing relationships with third-party advisors in advance of an attack or cyber incident is one of the cornerstones of good “cyber hygiene.” And, if a company does develop these relationships, it would be wise to consider utilizing an endorsement for a cyber insurance policy to allow the company to continue to utilize its trusted advisors in the wake of a cyberattack or data breach. Such actions can save time and money, and they can be crucial in terms of achieving a successful outcome in the wake of an attack.