Friday, February 19, 2016

Companies can insure against cyber ransom

Posted in Cyberliability, D&O, E&O, Professional Liability, Insurance Coverage, Insurance General, Insurance News of Note

National Public Radio and other news outlets are reporting that a Los Angeles-area hospital recently paid a $17,000 ransom (in the form of 40 bitcoins) to hackers to unencrypt its computer networks, which had been held hostage after “ransomware” was introduced into the hospital’s network. Ransomware is a form of malicious software, or “malware,” that encrypts information or aspects of an organization’s computer network, preventing authorized users from accessing it. 

The persons who maliciously cause the ransomware to be placed on the network, then demand money in exchange for an encryption key to unlock the network. It is not difficult to see the tremendous economic losses and liability risks of a ransomware attack, in particular to a medical facility treating vulnerable patients.


There are a number of ways companies may protect themselves, their personnel, their computer networks and their customers from a ransomware, or other form of malware, attack; and insurance, including cyberliability coverage, should be considered a key component of those protections. Indeed, many cyberliability insurers include, or offer as an option, coverage for “cyber extortion,” which may cover ransom payments to end a computer security threat, such as in the Los Angeles hospital case.

In addition, #cyberliability_insurance may cover a company’s costs to notify potentially affected persons and legal liability (including the costs of defending against claims) in the event that a malware attack results in the disclosure of confidential information. And the insurance is often designed to respond, whether the malware is introduced by an intrusion into the network by an outsider, or through the unwitting assistance of an employee or authorized person, such as in a “spearphishing” attack.

As the cyberliability insurance market continues to mature and evolve, policyholders should be aware of the scope of available coverage, and should seek assistance when negotiating new or renewal cyberliability insurance to ensure they obtain the most comprehensive coverage available to fit their needs.


No comments:

Post a Comment