Molyneaux Insurance
  • The Molyneaux Way
    • Trumps and Tricks Euchre Event
    • Privacy Policy
  • ClearPath™
  • Our Team
  • Business
    • Employee Benefits >
      • Education and Compliance
      • Share to Compare
    • Risk Management
    • Claims Management
  • Industries
    • Franchises and Associations
  • Personal
  • Blog
  • Careers
    • Open Positions
  • Contact Us
  • The Molyneaux Way
    • Trumps and Tricks Euchre Event
    • Privacy Policy
  • ClearPath™
  • Our Team
  • Business
    • Employee Benefits >
      • Education and Compliance
      • Share to Compare
    • Risk Management
    • Claims Management
  • Industries
    • Franchises and Associations
  • Personal
  • Blog
  • Careers
    • Open Positions
  • Contact Us

​Molyneaux ​Blog

Can D&O coverage offer protection against ransomware attacks?

11/26/2018

 
Cyber insurance | Molyneaux
It's a nightmare scenario for business owners. Employees log in to their workstations and attempt to access the usual systems, expecting to find customer reports. Instead, they find a message demanding money.

If the business wants to regain access to its software and data, it will have to pay a ransom. Until then, it is locked out. The business has become the latest victim of ransomware. 
​
Ransomware is malicious software that hackers introduce into an organization's computer network to encrypt its data. The hackers hold the data hostage until their demands are met.
Those demands are normally for money, often payable in a crypto-currency such as Bitcoin. The hackers threaten to encrypt the data indefinitely, or even start deleting it, if they do not receive payment.

Ransomware has been around for a decade, but its use has exploded since 2015. Because it was infrequent until recently, insurance coverage for losses resulting from these attacks has not yet been widely purchased.

While cyber insurance has been available for several years, the coverages continue to evolve with the threats they insure against. Also, businesses have been slow to see a need for these policies, resulting in a low level of sales.

Consequently, an organization that becomes a victim of a ransomware attack might find itself uninsured. However, there are two potential avenues for coverage that many organizations already have - directors and officers (D&O) liability insurance and crime insurance.

Kidnap & ransom coverage
These policy types often provide kidnap and ransom (K&R) coverage. This coverage, frequently purchased by multinational corporations, applies to an organization's cost to pay ransoms.

Traditionally, coverage applies only if an "insured person" such as an employee or executive was kidnapped. Such policies would do nothing for the victims of ransomware attacks.

Some insurers are now providing - either deliberately or unintentionally - K&R coverage that applies to ransoms paid in response to cyber extortion. Among the events these policies may consider cyber extortion:
  • Threats to poison a computer system with malware.
  • Threats to change, damage, or destroy programs or data stored on a system if the owner does not pay a ransom.
 
Some insurers who provide K&R coverage did not anticipate covering ransomware losses and have made changes to the policies they sell. For example, some have added deductibles to the coverage, mirroring the terms of cyber policies, while others have capped the amount of business interruption coverage they will provide for cyber extortion losses.

Other insurers have changed their policies to better cover ransomware losses. Some have set up Bitcoin accounts for clients so that ransom payments can be made faster, shortening the length of time a business is incapacitated.

The takeaway
Experts expect the problem to become more urgent. The cost of global ransomware attacks in 2015 was $325 million, but by 2019 it is expected to be more than $11.5 billion. As the threat increases, organizations will have no choice but to insure against these losses, either through D&O coverage or cyber insurance.
​
Those who do not carry cyber insurance should review their D&O policies with their agents to determine whether the K&R coverage applies to ransomware losses.

If the coverage is missing, steps should be taken to obtain it, either through K&R coverage or cyber policies.

Cyber criminals are using ever more sophisticated tools. Sound network security practices and employee education are the best way to avoid disaster, but proper insurance coverage is essential if things should go wrong.

Comments are closed.

    Categories

    All
    Cyber Security
    Directors And Officers
    Employee Benefits
    News
    Personal Insurance
    Property And Casualty
    Risk Management
    Trumps & Tricks
    Wellness
    Workers Compensation

    RSS Feed

    Archives

    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    November 2017
    September 2017

Company

About Us
Our Team
​Trumps & Tricks
Testimonials
Careers
​News
Privacy Policy

Services

​Commercial Insurance
Risk Management
Employee Benefits
Group Health Insurance

Retirement Benefits
​Personal Insurance

Industry Specialization

Contact Molyneaux

​​5025 Utica Ridge Road
Suite 100
Davenport, IA 52807
​101 East Main Street
​
Suite 202
Galesburg, IL 61401
Phone: 563-324-1011 
Toll Free: 800-713-6930
Picture
Better Business Bureau Logo

Partner Agencies

LMC Insurance & Risk Management Logo
Independent Insurance Services Logo
Molyneaux Logo
The Friedman Group Logo
Agri-Business Insurance Services Logo
© COPYRIGHT 2019 Molyneaux Insurance