Many Cyber Insurance Policies Will Leave Business Ransomware Victims Out of Pocket Key Costs of WannaCry and Similar Malware not Covered in Most Policies

Many Cyber Insurance Policies Will Leave Business Ransomware Victims Out of Pocket Key Costs of WannaCry and Similar Malware not Covered in Most Policies
30.11.2017 10:39 am

Many Cyber Insurance Policies Will Leave Business Ransomware Victims Out of Pocket Key Costs of WannaCry and Similar Malware not Covered in Most Policies

Insurance

Businesses are being warned to carefully check their cyber insurance policies and their appropriateness as many do not provide important cover for common attacks, such as the damage to revenue and profits from ransomware attacks.

Analysis by Cyber|Decider, the cyber insurance comparison engine that covers policies accounting for 80% of the UK market, found that the variability of policies meant many businesses will be getting insurance that does not cover them for such key risks.

For instance, Cyber|Decider’s research shows that about a quarter of cyber insurance policies reviewed would not adequately cover businesses for the loss of revenue from such attacks, yet for many organisations this is likely to be by far the biggest cost.

A recent Lloyd’s of London reportClosing the gap: Insuring our business against evolving cyber threats” found that ransomware was one of the three biggest cyber threats to businesses in such sectors as: IT, professional services, healthcare, public sector, education, media, transport, hospitality and utility sectors.

Neil Hare-Brown, the CEO of Cyber|Decider said: “Businesses and their insurance brokers face a challenge from the wide variability of cyber insurance policies as to what they cover. In some areas the coverage provided by policies is similar and reasonably comprehensive, such as the costs from data breaches and forensic investigations, as well as meeting third party claims and any legal defence costs.

“But where ransomware causes a major interruption to the business, as it did with WannaCry, the coverage of insurance policies is highly variable.  This coupled with the practice of many brokers of recommending only one policy means many businesses will not be covered for the business interruption costs from cyber attacks even though it is a high risk for them.”

“An example being the recent ransomware attack on container shipping company A.P. Moller Maersk who estimate an impact of $300 million in lost revenue due not only to direct IT outage but also to contingent logistical problems including delayed delivery and operational supply chain failures.

“Similarly, whilst telephony fraud continues to hit many organisations of all sizes substantial losses, some insurers do not currently provide cover.” 

Examples of problems organisations and their brokers currently face when dealing with cyber insurance policies:

  • Policies often use different definitions and terms for the same thing, or include the same thing under different headings and sections    - making policy comparison both time-consuming and laborious.
  • Often policies use different definitions, right down to the most basic elements like “what is a computer”.  For instance, some policies include industrial control systems in their definition and some don’t, a pretty vital distinction for many businesses!
  • There is a high and surprising variability of what is covered between different policies.  For instance, while most policies are pretty similar in their coverage of privacy issues, there is a lot of disparity around business interruption issues.

The WannaCry ransomware attack in May of this year was reported to have infected more than 230,000 computers in over 150 countries (Wikipedia), it was followed in June by the ransomware NotPetya, which also severely disrupted numerous large organisations internationally (Wikipedia).

Related News

iPipeline Expands Quoting Capability via SolutionBuilder®

iPipeline – a leading provider of next-generation solutions and services to the life and pensions market – has announced that they are further expanding quoting capability via... Read more »

Cyberwrite named a 2018 Cool Vendor in Insurance by Gartner for its Cyberrisk profiling technology

Cyberwrite today announced it has been included as one of only four vendors in the 2018 list of “Cool Vendors in... Read more »

Startupbootcamp InsurTech brings insurance industry together to celebrate end of third accelerator program

Startupbootcamp InsurTech yesterday celebrated the end of its third annual program... Read more »

Co-op Insurance Signs New Application Management Contract with Sopra Steria

Sopra Steria has today announced a new application management contract with Co-op Insurance. The master service agreement (MSA) provides not just Co-op Insurance, but all... Read more »

SSP Creates New Efficiencies with Integration of iPipeline’s SolutionBuilder

SSP, a global provider of technology systems and solutions across the entire insurance industry,has integrated iPipeline's award-winning SolutionBuilder® quote and apply system... Read more »

Former MIB Head Chooses SSP for New Venture

PEX Insure, the managing general agent (MGA) founded by Byron Shepherd, has chosen two separate SSP platforms to distribute its insurance products. Shepherd was formerly one of... Read more »

Magazine
ALL
Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App