This post addresses a small nuance that is often ignored, or simply missed, during an incident response process, and that can be key to saving some $$$.
Mail-in cash rebates have been prevalent for quite some time, and I am sure most of us have used this perk at some point. I know I have tried it myself countable times, reluctantly! I have always wondered what the success rate of actually receiving the cash back is.
An overview of the process is three-fold. First, buy a product that offers a mail-in rebate and follow the instructions to the letter, and I mean literally to the letter, before you snail-mail all the required proof. Second, track the rebate (online if you are lucky, otherwise by calling customer support) and provide any missing information or documents within the stipulated time. Finally, once the check is received (which means you have done everything right up until now), deposit it on time. Now it is probably time for a toast!
Step back and ponder the entire process described above. A lot can go wrong here, and in fact it did for me and certainly for most of us. This could be for a variety of reasons: forgetting to attach a copy of the receipt (sometimes it is the original receipt that is needed), not attaching the actual UPC barcode cut from the box or package, or not providing all the necessary contact details.
Now switching gears to incident response: as we are all aware, one of the key aspects of an incident response process is to strictly follow the incident response plan (apart from the obvious requirement that it is up to date and tested!). If the incident response plan is done right, it specifies the groups and parties that need to be notified once an incident is confirmed. These may include third-party organizations, internal and external legal teams, forensic firms, the FBI, the insurance company, and local, state, and federal law enforcement. A key entity here is the cyber insurance company that covers the incident.
In most cases a cyber insurance policy dictates the group of law firms, forensic firms, and mailing firms to be involved when a breach ensues. It will be an uphill battle if an organization involves the firms that it fancies unless they are listed in the policy to begin with. A cyber insurance company is analogous to the consumer product company that honors your mail-in rebate, only in this case it sanctions your claim to cover the damages from the cyber incident.
Like the mail-in rebate ordeal, successfully claiming on cyber insurance also entails checking a lot of boxes before the insurance provider decides to honor the claim. Critical steps to address before something goes haywire:
- Have the incident response process and plan revised, tested, and in order
- Validate that your cyber insurance policy adequately covers your organization's cyber risk (probably a topic for another day)
- Verify that the cyber insurance policy lists all the entities that you or your legal team would want to engage
If any of the above has not been addressed by the time a breach happens, a good piece of advice is to stay away from engaging entities that are not in the cyber insurance policy to assist with any incident response activities. Reaching out only to the specific parties listed on the cyber insurance policy saves a lot of bacon. Otherwise, it makes it easy for the insurance provider to deny the claim right off the bat. This is often overlooked, either due to lack of knowledge or missed amid the confusion surrounding a breach, and it is a curve ball one could easily avoid.
I gave up on mail-in-rebates ages ago, but unfortunately, that is not an option for digital organizations. I hope this nugget saves somebody some bacon!