What You Need To Know About Ransomware Insurance and Cyber Insurance

by Grant Davis | Business Insurance, Cyber Liability, GDI Insurance, Insurance, Risk Management

Ransomware Insurance and Cyber Insurance

With ransomware attacks on the rise, the role of insurance is becoming more robust. And, although ransomware coverage has been traditionally sublimited within cyber policies, stand-alone cyber policies that cover ransomware are becoming more necessary.

In an attempt to find additional coverage for ransomware, many businesses and carriers have been turning to kidnap and ransom (K&R) policies. K&R policies have traditionally been used by organizations to protect their executives, not to protect against ransomware. Because K&R policies were not designed for ransomware, they may only provide a quick fix. K&R policies tend to be less suitable for ransomware than cyber policies and payouts tend to be lower.

Policy Definitions, Terms and Conditions

Since cyber insurance isn’t standardized, organizations should review all policy language with a broker before choosing a plan that effectively covers ransomware. Policies can vary significantly in their language and coverage options, so insurance experts recommend policies that—at the very least—provide coverage for extortion demands and payments as well as lost income resulting from an attack.
Organizations should also take a close look at the following definitions, terms and conditions when choosing a policy:

Sublimits and deductibles—Most policies set a sublimit for covering ransomware. It is important to review this limit carefully, considering that demands may start on the low side, but can increase quickly. Also, since making a ransom payment may make organizations a target for subsequent ransom demands within the policy year, the deductible amount should reflect that risk.
Payment terms—Most policies require prior written consent before the insured can pay any ransom. This can result in payment delays and increased demands by the hackers. If an organization pays a ransom in order to resume business, without prior written consent by the insurer, there’s a chance that it may not be reimbursed. Therefore, organizations need to be comfortable with a policy’s terms in order to avoid compromising coverage.
Definition of extortion—It is important for organizations to fully understand and agree with their insurance company’s definition of extortion, since the definition dictates the trigger for coverage. For example, although hackers may intend to sell or misuse information, the ransom demand may only involve a countdown timer and demand for money. While the combination of the two may seem like an obvious threat to the insured, a carrier could possibly deny coverage on the basis that there was no explicit threat to sell or misuse information—all because of its unique definition of extortion.

What to Look for in a Ransomware Insurance Policy

Companies should look for ransomware coverage that uses broad terminology and protects against a wide range of threats, including threats to do the following:

Access, sell, disclose or misuse data stored on your network, including digital assets.
Alter, damage, or destroy software or programs.
Introduce malicious software, including viruses and self-propagating code.
Impair or restrict access. Look for policies with broad terms like, “threats to disrupt business operations.”
Impersonate the insured in order to gather protected information from its clients, also known as pharming or phishing.
Use your network to transmit malware.
Deface or interfere with your company’s website.

The Importance of Risk Management

Ransomware insurance is most effective when coupled with an effective risk management program, as there are many components in the fight against cyber crime. Risk managers should work with an insurance broker to review all applicable options before choosing cyber coverage.

California’s Leader in Insurance and Risk Management

As one of the fastest growing agencies in California, GDI Insurance Agency, Inc. is able to provide its clients with the latest and greatest of what the insurance industry has to offer and much, much more. With locations across the heart of California’s Central Valley and beyond to provide a local feel to the solutions and services we provide our clients. We pride ourselves on exceeding our client’s expectations in every interaction to make sure that our client’s know how much we value and appreciate their business. Contact us today 1-209-634-2929 for your comprehensive business insurance quote!

Contact GDI Insurance Agency, Inc. today 888-991-2929 to learn more about available cyber policies and effective risk management techniques to protect your organization from ransomware attacks.

E-Liability: What are YOUR Risks?

by Matthew Davis MBA, CPCU, AAI | Business Insurance, Cyber Liability, Insurance

Internet-related liabilities are present whether your company simply has e-mail or is actively involved in e-commerce. Do you have the appropriate e-liability insurance coverage?

Who Needs a Cyber Liability Plan or E-Liability Insurance? Almost EVERYONE!

Assumptions have been made that a traditional comprehensive Commercial General Liability (CGL) policy will afford you coverage for business interruption, intellectual property damage and similar losses. And because “property damage,” covered under CGL policies, has been traditionally defined as a physical injury to tangible property, some courts have even ruled that “physical loss or damage” includes computer-information related losses. Insurers are avoiding liability by including specific exclusions and requiring endorsements for this coverage.

However, insurance carriers are now becoming savvy in the technology industry. Product offerings are greater. We are seeing a plethora of cyber insurance and e-liability insurance products. Knowing the ins and outs of each product will be key in proper policy selection. That’s where GDI Insurance Agency, Inc. can assist you, providing its expertise so you have the appropriate coverage to match your risk management needs.

What is Cyber Liability Insurance?

Cyber liability coverage may include an e-comprehensive policy. This policy may cover losses caused by fraudulent modification, accidental alteration or destruction to all electronically stored information. In addition, losses caused by malicious copying of trade secrets, extortion and introduction of a virus could be covered.

Media liability addresses the losses associated with libel, slander, and invasion of privacy and infringement of copyrights.

This may be needed, especially if your employees are given access to e-mail capabilities and Internet access. E-mail is an essential tool of today’s fast-paced business culture. However, messages taken out of context may cause difficulty. Establish an e-mail usage policy and educate employees on the proper use of e-mails and surfing the Net.

Defend against loss or damage caused by viruses with specialty computer virus transmission coverage. Along these lines, there is unauthorized access and use coverage, which insures against losses when third party information is stolen.

Each carrier’s Internet-related insurance products need to be closely scrutinized to determine what they will and will not cover, and who will pay the defense expenses.

Your company may also be entitled to rehabilitation expenses to re-establish your reputation and market share after a loss.

One other detail that we look at is whether the policy itself is a claims made or an occurrence policy. Claims made policies will only cover losses that are made and reported during that policy period. If this is the case, an extended reporting period (ERP) may need to be negotiated.

E-commerce presents today’s risk managers with new challenges—this brochure only scratches the surface. To ensure the success of your e-commerce initiatives, GDI Insurance Agency, Inc. recommends a comprehensive risk assessment be conducted to identify potential gaps and inappropriate levels of coverage.

Contact GDI Insurance Agency, Inc. to further discuss your e-liability insurance and the products available to minimize your risk. 1-209-634-2929