Friedman Group
  • About Us
    • Careers
    • Privacy
  • Services
    • Business
    • Employee Benefits >
      • Share To Compare
    • Financial Services
    • Personal
    • Specialty Insurance
  • AP Blog
  • Pay Online
  • Contact
  • About Us
    • Careers
    • Privacy
  • Services
    • Business
    • Employee Benefits >
      • Share To Compare
    • Financial Services
    • Personal
    • Specialty Insurance
  • AP Blog
  • Pay Online
  • Contact

Welcome to The Friedman Blog

D&O coverage: protection against ransomware attacks?

11/26/2018

 
​It's a nightmare scenario for business owners. Employees log in to their workstations and attempt to access the usual systems, expecting to find customer reports. Instead, they find a message demanding money.

If the business wants to regain access to its software and data, it will have to pay a ransom. Until then, it is locked out. The business has become the latest victim of ransomware. 
Ransomware is malicious software that hackers introduce into an organization's computer network to encrypt its data. The hackers hold the data hostage until their demands are met.
​
Those demands are normally for money, often payable in a crypto-currency such as Bitcoin. The hackers threaten to encrypt the data indefinitely, or even start deleting it, if they do not receive payment.
​

Ransomware has been around for a decade, but its use has exploded since 2015. Because it was infrequent until recently, insurance coverage for losses resulting from these attacks has not yet been widely purchased.

While cyber insurance has been available for several years, the coverages continue to evolve with the threats they insure against. Also, businesses have been slow to see a need for these policies, resulting in a low level of sales.

Consequently, an organization that becomes a victim of a ransomware attack might find itself uninsured. However, there are two potential avenues for coverage that many organizations already have - directors and officers (D&O) liability insurance and crime insurance.

Kidnap & ransom coverage
These policy types often provide kidnap and ransom (K&R) coverage. This coverage, frequently purchased by multinational corporations, applies to an organization's cost to pay ransoms.

Traditionally, coverage applies only if an "insured person" such as an employee or executive was kidnapped. Such policies would do nothing for the victims of ransomware attacks.

Some insurers are now providing - either deliberately or unintentionally - K&R coverage that applies to ransoms paid in response to cyber extortion. Among the events these policies may consider cyber extortion:

Threats to poison a computer system with malware.
Threats to change, damage, or destroy programs or data stored on a system if the owner does not pay a ransom.
 
Some insurers who provide K&R coverage did not anticipate covering ransomware losses and have made changes to the policies they sell. For example, some have added deductibles to the coverage, mirroring the terms of cyber policies, while others have capped the amount of business interruption coverage they will provide for cyber extortion losses.

Other insurers have changed their policies to better cover ransomware losses. Some have set up Bitcoin accounts for clients so that ransom payments can be made faster, shortening the length of time a business is incapacitated.

The takeaway
Experts expect the problem to become more urgent. The cost of global ransomware attacks in 2015 was $325 million, but by 2019 it is expected to be more than $11.5 billion. As the threat increases, organizations will have no choice but to insure against these losses, either through D&O coverage or cyber insurance.

Those who do not carry cyber insurance should review their D&O policies with their agents to determine whether the K&R coverage applies to ransomware losses.
If the coverage is missing, steps should be taken to obtain it, either through K&R coverage or cyber policies.
​
Cyber criminals are using ever more sophisticated tools. Sound network security practices and employee education are the best way to avoid disaster, but proper insurance coverage is essential if things should go wrong.

Comments are closed.

    Categories

    All
    Compliance
    COVID 19
    Cyber
    Employee Benefits
    Personal Insurance
    Property Casualty
    Risk Management
    Wellness
    Workers Compensation

    Archives

    September 2022
    August 2022
    July 2022
    June 2022
    May 2022
    April 2022
    March 2022
    February 2022
    January 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018

The Friedman Group
501 Bell St.
Dubuque, IA 52001
Phone: (563) 556-0272
Home
Business Insurance
Employee Benefits
Personal Insurance
Financial Services
Contact

AssuredPartners
An AssuredPartners Agency
In February 2020, The Friedman Group joined AssuredPartners, the 11th largest insurance brokerage in the U.S. This partnership provides us access to additional capital and a national footprint that enables us to continue to negotiate the most favorable coverage terms and conditions for our clients, and allows us to provide an even broader spectrum of risk management support services. ​
© 2022 The Friedman Group, Inc.  Privacy Policy.