When Cyber Attacks Actually Happen
Cyberattacks don’t come without warning. Within minutes, systems can be crippled, data encrypted, or customer information leaked to the public.
That’s when the company realized: who would bear these losses?
For companies with cyber insurance policies, this moment is a crucial test — whether the coverage purchased actually works or not.
However, experience shows that many cyber claims are delayed or denied not because they are not covered by the policy, but because the claims process is not carried out properly.
This is where PT. Liberty and General Insurance Broker (L&G Insurance Broker) plays a vital role: helping clients navigate the claims process quickly, completely, and in accordance with insurer procedures.
Contact L&G Insurance Broker now at Phone number 08118507773for a free consultation before the risks haunt your business.
Why Cyber Insurance Claims Are Not as Simple as Conventional Insurance
Unlike fire or vehicle claims, cyber insurance claims are very complex, because:
- Concerning digital data and forensic evidence, not physical damage,
- Involving third parties such as IT vendors, legal consultants, regulators, and customers,
- And there are often multiple losses — financial, reputational, and legal.
- In addition, there are many technical factors that caninfluenceinsurer’s decisions, such as:
- Whether the attack comes from outside or inside,
- Have preventive measures been taken,
- And whether the cause falls within the policy coverage or exclusions.
Without professional assistance from a broker, cyber claims can be a long and complicated process.
Common Claim Types in Cyber Insurance
Before discussing the process, it is important to understand the types of claims that are typically filed:
| Claim Type | Brief Explanation | Sample case |
| Data Breach | Leakage of customer or employee data. | E-commerce customer database leaked on hacker forum. |
| Ransomware Attack | The system is locked and a ransom is demanded. | Hospital servers were attacked, medical data was inaccessible. |
| Business Interruption | Operations were disrupted due to cyber attacks. | Sales app offline for 5 days due to malware. |
| Cyber Extortion | Threat of data disclosure or system destruction. | Hackers threaten to sell data to the dark web. |
| Privacy Liability | Legal liability for personal data breaches. | Customer sues company for data breach. |
| Social Engineering Fraud | Fraud through social engineering (phishing). | Staff transferred funds to fake accounts. |
Each type of claim requires a different approach to evidence and documentation.
Cyber Insurance Claim Process: Step by Step
Here are the general steps involved in a cyber insurance claim — along with the role of L&G Insurance Broker at each stage.
🔹Step 1 – Incident Detection and Isolation
Once a cyber incident is detected:
- Immediately isolate the system to prevent further damage.
- Note the time and manner in which the attack was discovered.
- Activate the Incident Response Plan.
📌Peran L&G:
Provide initial guidance to clients so that actions taken do not damage forensic evidence required by the insurer.
🔹Step 2 – Notification to Broker and Insurer
Most cyber policies require reporting incidents within 24–72 hours of becoming aware of them.
The initial report can be in the form of a Notice of Loss or Incident Notification Form.
The contents of the initial report usually include:
- Brief chronology,
- Initial loss estimate,
- Actions that have been taken,
- Responsible contact person.
📌Peran L&G:
L&G helps draft official notifications and send them to the insurer according to procedure, so that the client’s claim rights are protected from the start.
🔹Step 3 – Activate Response Team (IT Forensics & Legal)
Once the report is received, the insurer will appoint an adjuster and a cyber forensic consultant to investigate the cause of the incident.
This team will:
- Collecting digital evidence,
- Analyzing the source of the attack,
- Determine the extent to which data or systems are affected.
📌Peran L&G:
Accompany clients in coordinating with adjusters and ensure all communications are well documented.
🔹Step 4 – Collecting Supporting Documents
This stage is the backbone of the claim.
The more complete and quicker the documents are collected, the smoother the claims process will be.
Commonly Requested Documents:
| Document Type | Sample Content |
| IT incident report | Chronology, systems affected, time of incident. |
| Digital forensic evidence | Activity logs, malware analysis results, IT vendor reports. |
| Proof of expenses | IT consultant invoices, PR fees, third party compensation. |
| Evidence of loss of income | Financial reports and evidence of system downtime. |
| Legal report | Letter from regulator (e.g. Kominfo) or lawyer. |
📌Peran L&G:
Help compile a list of documents that meet police requirements and ensure that no important items are missed.
🔹Step 5 – Evaluation by Insurer
Once the documents are complete, the insurer will assess:
- Is the incident included in the policy coverage,
- Are all precautions in accordance with safety standards,
- And how much compensation is worth paying.
If approved, the insurer will issue a Letter of Acceptance (LOA) and calculate the claim value.
📌Peran L&G:
Brokers advocate with insurers if there are differences in the interpretation of policy wording, ensuring that the claim value is paid in full according to the guarantee.
🔹Step 6 – Claim Payment
Once the LOA is approved and all documents are verified, the insurer will make the claim payment to the insured’s account.
Payment times depend on the complexity of the case, but with complete documentation, it can usually be completed within 30–60 business days.
📌Peran L&G:
Monitor until the funds are actually received by the client, and help prepare the final claim closure report.
Case Study: Cyber Claims in Indonesia and Abroad
💼Case 1 – E-Commerce System Hacking
An online shopping platform lost 500,000 customer data.
Reputational losses and notification costs reached Rp 1.8 billion.
Thanks to the broker’s help, the claim was paid in full within 45 days — without dispute.
💻Case 2 – Ransomware Attack on Hospital
Digital medical record system encrypted by ransomware.
The policy covers the costs of IT forensics, hardware replacement, and PR management — a total of Rp 9.2 billion.
L&G ensures that the costs of negotiating the ransom are also compensated, as per the policy wording.
🌍Case 3 – Multinational Data Breach
A global company lost employee data from a regional server in Jakarta.
Because the claim report was 15 days late, the insurer initially rejected the claim.
The broker managed to negotiate using the force majeure clause — ultimately 70% of the claims were paid.
Common Challenges in the Cyber Claims Process
Even though the policy is active, many cyber claims are delayed because:
| Challenge | The impact |
| Late incident report | The right to claim may be lost. |
| Lack of forensic evidence | The insurer could not confirm the cause of the attack. |
| Not understanding policy wording | The claim was rejected as it was deemed unsecured. |
| IT vendors do not cooperate | Technical documents are difficult to collect. |
| Lack of internal coordination | Communication between departments is not synchronized. |
📌Solutions from L&G:
With experience handling a variety of large claims, L&G helps organize communication flows, reminds deadlines, and ensures all documents meet insurer standards.
Minimum Documents to Initiate a Claim
In order for claims to be processed immediately, clients are advised to prepare at least:
- Official notification letter (Notice of Loss).
- Chronology of events (date, time, systems affected).
- Initial report from the internal IT team.
- Initial loss estimate.
- Temporary proof of costs (invoice, receipt).
📌Tips from L&G:
“It’s better to report first, then collect the documents,” because claims that are reported earlier have a stronger position.
The Role of L&G Insurance Brokers in the Cyber Claims Process
The broker’s role does not stop when the policy is issued.
L&G acts as a “claims advocate” — a professional representative who fights for clients’ rights to have their claims paid in full and promptly.
L&G Services in Claim Process:
- Early Claim Notification – sending an official report to the insurer in a timely manner.
- Claim Documentation Assistance – helps prepare documents according to the insurer’s checklist.
- Forensic & Legal Coordination – connecting clients with trusted forensic experts and legal consultants.
- Policy Interpretation – explains the policy clauses if there are differences in interpretation.
- Settlement Negotiation – negotiating to achieve an optimal claim value.
- Claim Follow-Up – monitor the payment process until completion.
- With a systematic approach, L&G ensures that no claims are “stuck” simply due to administration.
Broker Tips: How to Speed Up Cyber Insurance Claims
🚨Report any incident immediately, no matter how small.
📑Keep complete system logs and digital evidence.
💬Fast coordination between IT, legal, and finance teams.
🧾Collect all proof of expenses from the start, including vendor invoices.
🤝Use an experienced broker to ensure efficient and accurate communication with the insurer.
Conclusion: Faster Claims = Faster Business Recovery
Cyber insurance not only protects against financial losses, but also speeds up business recovery after a cyber attack.
However, this protection is only effective if the claims process is carried out correctly and quickly.
With the assistance of PT. Liberty and General Insurance Broker (L&G Insurance Broker), companies no longer need to worry about dealing with complicated claims bureaucracy.
L&G acts as a technical advisor and claims controller, ensuring that any insured losses are actually paid by the insurer.
🔐Does your company know the right steps to take in the event of a cyber attack?
Get comprehensive guidance and professional claims support from PT. Liberty and General Insurance Broker (L&G Insurance Broker) — your trusted partner in digital risk protection.
HOTLINE L&G 24 JAM: 0811-8507-773(CALL – WHATSAPP – SMS)
Website: lngrisk.co.id
Email: halo@lngrisk.co.id
