We have insurance for those unexpected issues. We’re Good.
Carmine Corridore
Cyber Insurance Isn’t a Safety Net Without Strong Cybersecurity. Here’s Why Prevention Matters More Than Protection.
I come across a story like this every so often. We meet with a business executive to explain what we do and get the following response: “We have cyber insurance. We are all covered. We don’t need whatever you’re selling.”
Don’t get me wrong; having cyber insurance is important, and you need to have it, but it’s not the end-all solution to combating cyber attacks.
In fact, if you don’t have proper cybersecurity controls in place, you can be denied a claim.
Cyber insurance is excellent for financial restoration when you get attacked. No, I didn’t mistype the word "when" in the last sentence. There are other things to consider, such as the fact that no amount of insurance can restore your reputation.
Anna and Robert’s Story Prequel
Recently, I wrote a LinkedIn article about two resort owners of 43 years, Anna and Robert. Let’s go back to how I met Anna and Robert. We were at a mixer together and had a polite conversation. I asked about their IT needs and their concern with cyber attacks.
Robert replied, “We have a long-standing relationship with an IT support company with which we are comfortable. We have been working together for 20+ years. They have got us covered. Plus, we have insurance for those unexpected issues. We’re good.” With that, I ended the conversation with, “Well, if anything changes, here is my card; give me a call.”
Fast Forward: The proverbial "IT" hit the fan.
The Aftermath of a Cyber-Attack
Once Anna and Robert found out they had no backup, they called their insurance agent. One of the first things the insurance company does is bring in an approved incident response (or IR) team. Their job is to determine how the incident happened and help get you back up. The insurance company may bring in someone to negotiate the ransom and extortion payments.
Treat it Like a Crime Scene
At this point, it’s all hands-off. Nothing happens unless the IR company tells you to do it. You can’t turn off computers, reboot routers, or wipe and reload computers. You have to treat it like a crime scene. Everything is being documented. Everything is being reviewed.
And now, the rest of the story
After the couple contacted the insurance company, Anna and Robert called me. They wanted to see if there was anything I could do. I explained, “Unfortunately, I cannot. The IR company is running the show. They will likely use your current IT provider for hands-on work. However, I am here if you have any questions.” They thanked me for my time, and then Robert asked, “How long do you think we will be down? We are about to head into our busiest time of the year.” I replied, “Robert, I wish I had good news for you, but you will likely be down for 3-6 weeks minimum.”
I occasionally checked in with Anna and Robert to see how they were doing mentally and to see the progress of the restoration.
3 Months and None the Richer
Three months later, the IR team had concluded their investigation, and the ransom and extortion payments had been negotiated and paid. The data was finally restored, and the resort was starting to come online.
The total hard costs for this cyber incident, including the IR team, the negotiation, the breach coach, notifications and credit monitoring for the affected, and the ransom itself, were slightly over a million dollars.
The Incident Response Team found:
- Insufficient antivirus on some of the computers
- Out-of-date firewall
- No evidence of MFA (multi-factor authentication)
- Several computers were considered end-of-life (end of the product lifecycle)
- Most computers needed patching
- Backup was inadequate, and there was no recovery plan in place
Because of these findings, the insurance company would only pay 50% of the claim. With the resort shut down, they lost a lot of revenue because they couldn’t adequately accommodate their guests. Some guests, even some of their loyal guests, canceled because they didn’t feel safe. For the first time in over 30 years, Anna and Robert experienced net losses.
Moral of the Story
Anna and Robert thought they were covered and were doing everything right. They had no idea that they were so vulnerable or that their insurance company wouldn’t cover them completely.
After this incident was over, we sat down again. We discussed what had happened and what we could put in place to help protect them. Robert asked, “So if we hire your company, this will never happen again?” I replied, “I never tell anyone we can stop this from happening, and you should never trust someone who does. But if we put enough layers of security in place, then maybe, just maybe, they will pass you by. Our goal is to make you insurable, so when it happens, your claim will be paid 100%.”
Underdog Cyber Defense is Your Partner
Unlike many IT providers that simply “bolt on” cybersecurity solutions, Underdog Cyber Defense is unique. We are built from the ground up in cybersecurity. We combine the proactive disciplines of cybersecurity with reactive traditional IT support. The result is a security-first tailored solution for our clients.
Contact our team to schedule a consultation today.



