Hamilton Ontario - Another denied cyber insurance claim

Written By Dustin Bolander

The big headline this week has been around a denied cyber insurance claim for a city in Canada.

While we are still early in the process and details are still coming out, a few key takeaways have become clear.

The important part is at the end of the article:

Ward 9 Coun. Brad Clark said he found it “very frustrating” that multi-factor authentication wasn’t put in place years ago after learning from a staff member at the meeting that Hamilton’s insurance company sought it in late 2022.

When its claim was denied, the city obtained a third-party review of the decision and did not pursue further legal action as it learned the insurer’s action was based on coverage terms.

There are two important concepts for complying with your cyber insurance policy. Due care and good faith effort, as defined by the Marriam Webster dictionary:

Due care: the care that an ordinarily reasonable and prudent person would use under the same or similar circumstances

Good faith: honesty or lawfulness of purpose

In 2022, multifactor authentication (MFA) was widely accepted as necessary, and according to news articles, the city knew it was deficient. Which brings us to the good faith aspect - the denial of the claim implies that the city represented it had MFA deployed.

Unfortunately most denied claims in the news are because of massive damages, and major issue with misrepresentation. The Beltex team has seen claims paid out in full for simple infractions, such as one user having MFA in bypass mode. This is not a pervasive issue in the cyber insurance industry, most of the large denial rates cite non-existent articles or dead links (presumably these statistics are AI hallucinations.) However claims denials do happen sometimes, but most headlines appear to be due to a combination of multiple major deficiencies.

This was written by a United States licensed insurance agent with a focus on SMB/SME cyber insurance. The takeaways are focused on US policy holders, but should be generally applicable worldwide.
Dustin Bolander
Next

Looking at multiple renewal options saved this MSP over $40k