Avoid The Uplift Trap During Data Breach Response

by Joshua Franks, Gregory MacFarlane, Katherine Custis

February 28, 2025

Uplifts are an undesirable yet common industry challenge during data breach review. Despite stakeholders’ attempts to avoid them, they remain a typical occurrence due to unaccounted-for complexities, additional requirements, and scope creep. The potential cost overruns they present create pressure to make project compromises to ensure notification deadlines are hit. While that’s understandable, the issue speaks to an underlying and unnecessary project failure.

Why True Predictability Matters

Insurers, counsel, and end clients prioritize predictability in cyber claims. Uplifts introduce significant uncertainty, making it challenging for insurers to manage their financial exposure to a claim and maintain a stable business model. This is why insurers often seek to minimize the risk of significant costs in the claim process through thorough pre-breach planning, robust data breach response protocols, and careful selection of experienced vendors.

Nevertheless, the quote, ingest, and uplift model has become the norm for many data breach reviews.

These unforeseen but sometimes predictable increases in the scope and cost of the project go beyond initial estimates. They arise from a failure to properly consult with all stakeholders in the initial stages, unanticipated complexities in the data, a lack of familiarity with regulatory requirements, or even a vendor’s lack of the industry-specific knowledge needed to price accurately at the start of the engagement.

Uplifts are undoubtedly problematic and are usually considered a serious issue because they add significant cost, for a claim or an uninsured party, that could impact other services. In addition, uplifts damage the reputation of all parties involved – claims, attorneys, and vendors will all be diminished when uplifts occur.

“No More Uplifts!”… Truth or Marketing Ploy?

A phenomenon has haunted the breach review space since the inception of the service itself, affecting carriers, counsel, and all parties involved in the industry. We call it the no-promises guarantee. Organizations will loudly trumpet, “No more uplifts! Guaranteed pricing!” This promise sounds like a dream come true in data breach review services, where cost predictability is crucial.

The catch?

The initial quote is entirely non-binding. It’s a ballpark figure. A friendly suggestion. A pre-quote, if you will. The real quote they will stand behind comes only after they’ve ingested your data and narrowed your options.

Let’s be clear: this isn’t eliminating uplifts.

More accurately, it’s shifting when uplifts occur. The initial quote becomes meaningless, a mere placeholder. The “guaranteed” price is only revealed after they have all the information, meaning they’ve already accounted for any potential “uplifts” within that final, guaranteed figure.

So, what’s the real value here?

Absolutely none.

The promise of “no uplifts” is a semantic trick.

You’re still facing the same potential for cost escalation – it’s just happening at a different stage. Instead of the unpleasant surprise in the initial quote, you get the unpleasant surprise after you’ve committed. If you could have this knowledge beforehand, it would allow you to change strategy or look internally to the client. But instead, you’re paying for a data ingestion exercise in order to get a binding quote.

This type of approach creates several problems:

  • False Sense of Security: The initial quote can lure you in, only to be replaced by a potentially much higher figure once the data is analyzed. You’ve invested time and shared knowledge of an event with a third party based on a number that has no bearing on reality. In reality, you, as the manager of the case, must then have the unpleasant conversation and backtrack on earlier statements.
  • Lost Time: You could waste valuable time going through the initial quoting and contracting process, only to find the final price is beyond what the claim can handle. This delays your actual breach response and adds unnecessary stress to your client management.
  • Lack of Transparency: This tactic obscures the project’s actual cost upfront. You’re not getting a realistic picture of the potential expense until you’ve committed to working with them. The individuals who must relay the cost and manage the client relationship may lose credibility with the end client, who feels the initial conversation was not transparent.
  • Data Transfer = Trapped: You have already transferred the data to the vendor to begin the data mining and review phase. You have discussed the quote and how the work will start immediately with claims and the end client. When a significant change in cost occurs, most do not feel empowered to pull the data, and most go forward with a considerable cost increase. Obtaining certainty and knowledge before that transfer would allow individuals to avoid missteps.

If you want to avoid uplifts, talk to Morae. Our transparent Worry-Free Review experience means that we will spell everything out in writing, up front: what we are doing, how long it will take, and how much it will cost. Responsibilities are established, both yours and ours, before data ingestion. That means no uplifts. To be clear, no uplifts, overruns, or false starts, so that you can avoid those bad conversations around the claim and the relationship.

At Morae, we approach every project with three key pillars of execution:

  1. Honesty: If the project is straightforward at the start, it will be in the end, as we do not make mountains out of molehills.
  2. Consultative: Upfront and informative conversations with individuals specializing in Data Breach Review, not treatment as a run-of-the-mill eDiscovery project.
  3. Technology: An Easy Button does not exist for these matters. We know where technology fits within a review and where it will add more cost, and we can discuss our methodologies at great length before ingestion.

In the data breach world, transparency and predictability are paramount. True value comes from working with a partner who provides a thorough, well-researched fee based on their experience and expertise before data ingestion. While adjustments are sometimes unavoidable, they should be based on clearly defined, mutually agreed-upon triggers, not hidden within a post-ingestion “guarantee.”

Don’t be fooled by marketing gimmicks. Demand true transparency and a realistic quote from the outset. Your budget – and your peace of mind – will thank you.