I spend a ton of time in green rooms. You know, those backstage holding pens where you sit before going on stage. The other day, I was getting ready to give a talk on cyber insurance, and guess who was in the green room with me? A cyber insurance agent. Yep, the guy who sells you your policy and then—if disaster strikes—decides whether or not to stand by you when it’s time to cash in on that claim.
I had one burning question for him: How do you decide who you’re going to stand by and who you’re not?
Because let’s be honest—44% of claims get denied. And knowing that I was about to go on stage and tell a room full of business leaders that stat, I figured I’d better know the secret to getting into the 56% that actually get paid.
His answer? The ones who don’t get paid are the ones who aren’t prepared.
And just like that, the answer was clear.
The ones who DO get paid have documented conversations, written policies, evidence that their team has signed off on those policies, and proof that they’ve actually trained their people. The ones who get left out in the cold? They’re the ones who assumed their policy was a magical get-out-of-jail-free card and did nothing to back it up.
And then he dropped this gem: “The more organized the victim is, the more likely they are to get covered.”
Basically, if your claim is buttoned up and airtight, they know you mean business. He compared it to an IRS audit: If the auditor walks in and your books look like a toddler’s art project, they’re gonna roll up their sleeves and settle in for a long day. But if you’ve got every receipt, every ledger, and everything neatly documented, they take one look and think, Meh, nothing to see here.
Same goes for cyber insurance. If you show up with solid documentation, well-organized records, and a clear paper trail proving you took cybersecurity seriously, the insurance company thinks, Wow, fighting this payout isn’t going to be worth it.
So here’s the bottom line: If you want to make sure your cyber insurance actually works when you need it, you need to be ready for a fight. Not just against hackers, but against your own insurance company. Document everything. Train your team. Keep evidence that you’ve actually followed through on your commitments.
Because when the time comes, it won’t just be about defending yourself against class-action lawsuits or opportunistic lawyers after a breach—it’ll be about showing your insurance company that you took your commitments seriously. And that, my friends, is how you land in the 56% that actually get paid.
Now, go tighten up that documentation before the worst happens. Your future self will thank you.
