PUBLISHED ON: February 28, 2022
Download PDF
Abstract: Ransomware attacks are a rapidly growing threat against organizations. Paying ransom demands is a risky proposition and may even lead to sanctions against the targeted company. Either way, the damage to a company’s operation and integrity can be cripplingly severe. Should a company suffer losses from cyber extortion, its insurance company will be one of the resources it turns to for relief. But with cyber coverage increasingly out of reach for some, policyholders may find coverage in more traditional coverages. In this article, the author evaluates the potential for coverage under several policy types, and underscores the importance of understanding policy language, the relevant law, and the potential regulatory ramifications of meeting ransom demands.
While the COVID-19 pandemic brought some industries to a near or complete halt, it’s as if it had the opposite effect on busy cybercriminals who continued to wreak havoc around the world. The Wall Street Journal has reported that ransomware attacks have increased by 300 percent in the past year.1 Due to desired secrecy among both targets and perpetrators, precise data on ransomware attacks is not readily available. However, one study estimated that companies paid at least $350 million in online extortions during 2020 alone,2 and cybersecurity officials have estimated that the damage to the U.S. economy was in the billions of dollars.3 Relatedly, cyber insurance policy premiums continue to rise, with higher policy limits becoming increasingly difficult to procure. Many companies, however, do not realize that they may recover losses under more “traditional” insurance policies.
To read the full article click here.
Pamela D. Hans (phans@andersonkill.com) is the managing shareholder of Anderson Kill’s Philadelphia office. Her practice concentrates on insurance coverage exclusively on behalf of policyholders. Pam is also a member of the firm’s COVID Task Group and Cyber Recovery Group.