Step 1
You can call the 24/7/365 Incident Commander Hotline number contained within your policy documentation.
You will be asked to provide the following details:
- Your name
- Your contact details
- Your business name
- Your policy number
- A brief description of the incident and when it occurred
- Other information as applicable
Alternatively, you can contact AXIS Claims through the notice methods outlined in your policy.
Step 2
Notify your insurance agent, broker or insurer of a potential claim. Engaging incident response services is not reporting a claim or event to your insurer.
The notice of claim provisions in your policy state how you must report claims and events to your insurer.
If you are reporting a cyber data incident which is either urgent or is possibly subject to the General Data Protection Regulation (GDPR), please visit www.stoplosshub.com and immediately contact the 24-hour hotline for one of our cyber incident response coaches to assist you.
If you are reporting a cyber data incident which is either urgent or is possibly subject to the General Data Protection Regulation (GDPR), please visit www.stoplosshub.com and immediately contact the 24-hour hotline for one of our cyber incident response coaches to assist you.
If you are reporting a cyber data incident which is either urgent or is possibly subject to the General Data Protection Regulation (GDPR), please visit www.stoplosshub.com and immediately contact the 24-hour hotline for one of our cyber incident response coaches to assist you.
Overview
What is cyber incident response and how does it work?
Cyber incident response is the set of actions taken to respond to and manage a data breach or cyber incident. Your policy may provide for certain cyber incident response services, and you should review your policy with your insurance agent or broker to determine any response services that are available to you.
The Process
What happens once I have engaged the cyber incident response service?
Every incident is different but generally the process will be as follows:
- The Incident Commander will typically set up an initial call so they can understand what has happened, what data is involved and when the incident was first discovered
- They will suggest actions you can take to mitigate any immediate risks
- They will coordinate a second call between you and any specialist advisors (as required) with the aim of creating, scoping and agreeing to a response plan
- They will explain what happens next and how the process will flow over the next few hours and days
- They will assist with the implementation and coordination of the Response Plan
Advisors
Who are the specialist advisors?
If provided in your policy, you may have access to the following specialist advisors and services:
Incident Response Managers are often lawyers with legal and privacy regulatory expertise. This is useful for incidents involving personal or non-public data, which potentially trigger regulatory and contractual obligations and can result in third party liability. Privacy lawyers can act as a legal advisor, under privilege, to determine your rights and obligations in the event of a cyber incident and help protect those rights and meet the obligations.
Forensic services are provided by digital investigators who piece together information to help a business understand the cause, scope and status of a cyber incident. They provide guidance on how to mitigate, stop or prevent further incidents. Due to their exposure to many cyber incidents they are a highly valuable addition to the incident response services.
In the event of an extortion or ransomware incident, consultants offering Extortion Services use forensic analysis techniques and software to investigate incidents, attempt to recover encrypted data and confirm that decryption keys work. Some may hold crypto-currency wallets and can assist with contacting the threat actors to bring the situation to a satisfactory conclusion.
PR Services help businesses respond to a cyber incident. They use their crisis communication expertise to help effective and appropriate communication with internal and external stakeholders. They can provide full support or can supplement existing capabilities, but they focus on messaging designed to keep a brand’s integrity and reputation unharmed.
Notification services help businesses alert individuals whose personal data is impacted by a data event in a timely and cost-effective manner. They use a notification service provider to notify large numbers of affected individuals quickly via multiple channels. Notification services will also complement other teams such as PR and legal to ensure that all messaging is appropriate for the audience, the sensitivity of the event, and that all legal and regulatory obligations are satisfied.
Credit monitoring services are services offered to individuals impacted by a cyber incident to protect them from the effects of their personal data being compromised e.g. web monitoring for their personal data or alerts if their credit scores change due to suspected fraudulent activity or identify theft.
Incident Response Managers are often lawyers with legal and privacy regulatory expertise. This is useful for incidents involving personal or non-public data, which potentially trigger regulatory and contractual obligations and can result in third party liability. Privacy lawyers can act as a legal advisor, under privilege, to determine your rights and obligations in the event of a cyber incident and help protect those rights and meet the obligations.
Forensic services are provided by digital investigators who piece together information to help a business understand the cause, scope and status of a cyber incident. They provide guidance on how to mitigate, stop or prevent further incidents. Due to their exposure to many cyber incidents they are a highly valuable addition to the incident response services.
In the event of an extortion or ransomware incident, consultants offering Extortion Services use forensic analysis techniques and software to investigate incidents, attempt to recover encrypted data and confirm that decryption keys work. Some may hold crypto-currency wallets and can assist with contacting the threat actors to bring the situation to a satisfactory conclusion.
PR Services help businesses respond to a cyber incident. They use their crisis communication expertise to help effective and appropriate communication with internal and external stakeholders. They can provide full support or can supplement existing capabilities, but they focus on messaging designed to keep a brand’s integrity and reputation unharmed.
Notification services help businesses alert individuals whose personal data is impacted by a data event in a timely and cost-effective manner. They use a notification service provider to notify large numbers of affected individuals quickly via multiple channels. Notification services will also complement other teams such as PR and legal to ensure that all messaging is appropriate for the audience, the sensitivity of the event, and that all legal and regulatory obligations are satisfied.
Credit monitoring services are services offered to individuals impacted by a cyber incident to protect them from the effects of their personal data being compromised e.g. web monitoring for their personal data or alerts if their credit scores change due to suspected fraudulent activity or identify theft.
Case Studies
Cyber claims case studies examples:
∗This material is provided for informational purposes only and is not an offer to sell, or a solicitation to buy, any particular insurance product or service for a particular insured. The services and service provider discussed are suggested as risk mitigation and incident response resources. Use of the service provider does not guarantee the performance or quality of the services provided, including the avoidance of loss, the fulfilment of any obligations under any contract or compliance with any law, rule or regulation. AXIS is not responsible for the effectiveness of a cyber risk management program and encourages each policyholder, together with advice from their professional insurance advisor, to perform its own independent evaluation of any service provider as part of its overall risk management strategy.
Claims
We deliver on our promises
Effective resolution for customers is achieved with our highly skilled claims specialists focusing on:
- Quick decision making
- Championing your needs
- An honest approach
∗∗Claims examples may be based on actual cases, composites of actual cases or hypothetical claim scenarios and are provided for illustrative purposes only. Facts have been changed to protect the confidentiality of the parties. Whether or to what extent a particular loss is covered depends on the facts and circumstances of the loss, the terms and conditions of the policy as issued and applicable law.
Related
What’s happening at AXIS
Related news and updates across the organization
Find your future at AXIS
We are a global insurer and reinsurer tackling unique challenges. At the heart of it all? Our people. As unique as the risks we face.
