Businesses are turning to cyber insurance as ransomware and other cyberattacks continue to increase. Cyber insurance policies typically will help a compromised business contact customers in accordance with state laws, recover data, and repair damaged computers. However, the increase in costly ransomware has forced insurance companies to make policies more difficult to get approved.
A court decision earlier this year on an insurance claim from 2017 is raising questions about what cyber insurance looks like during times of war. A malware attack on Ukraine in 2017 quickly spread and destroyed data from thousands of companies around the world. The pharmaceutical company Merck was one of the businesses impacted by the malware which destroyed data on 40,000 of their computers. Merck estimated the cost of new equipment, personnel, and production downtime was $1.4 billion and submitted a claim against their insurance policy. The insurance company denied the claim citing the malware originally was an attack on Ukraine from Russia and was, therefore, an act of war. Most insurance policies have an “act of war” exclusion clause. The case spent three years in court and was finally decided in Merck’s favor.
Today we have a conflict between Russia and Ukraine where cybercrime is a large concern. Cyber insurance companies have had five years since this incident to understand the risk of the current climate and write policies appropriate for the risk. Attribution is another factor when a company tries to make a claim on an insurance policy. The origin of a cyberattack is purposefully difficult to attribute. With a conflict going on where cyberattacks have been part of the conflict, an “act of war” exclusion could play a large part in an insurance claim today.
There are many factors to consider when shopping for cyber insurance. Click here for our latest cyber insurance update video where we discuss more factors for a business owner to consider when selecting a policy. It’s important to understand what is covered in a policy, and even more importantly, what is not covered. Also, cyber insurance should be used as a last resort. Protecting your data with quality best practices is the best way to reduce risk.
Quanexus IT Support Services for Dayton and Cincinnati
Request your free network assessment today. There is no hassle, or obligation.
If you would like more information, contact us here or call 937.885.7272.
Follow us on Facebook, Twitter and LinkedIn and stay up to date on by subscribing to our email list.
