by Grant Davis | Business Insurance, Cyber Liability, GDI Insurance, Insurance, Risk Management
Ransomware Insurance and Cyber Insurance
With ransomware attacks on the rise, the role of insurance is becoming more robust. And, although ransomware coverage has been traditionally sublimited within cyber policies, stand-alone cyber policies that cover ransomware are becoming more necessary.
In an attempt to find additional coverage for ransomware, many businesses and carriers have been turning to kidnap and ransom (K&R) policies. K&R policies have traditionally been used by organizations to protect their executives, not to protect against ransomware. Because K&R policies were not designed for ransomware, they may only provide a quick fix. K&R policies tend to be less suitable for ransomware than cyber policies and payouts tend to be lower.
Policy Definitions, Terms and Conditions
Since cyber insurance isn’t standardized, organizations should review all policy language with a broker before choosing a plan that effectively covers ransomware. Policies can vary significantly in their language and coverage options, so insurance experts recommend policies that—at the very least—provide coverage for extortion demands and payments as well as lost income resulting from an attack.
Organizations should also take a close look at the following definitions, terms and conditions when choosing a policy:
- Sublimits and deductibles—Most policies set a sublimit for covering ransomware. It is important to review this limit carefully, considering that demands may start on the low side, but can increase quickly. Also, since making a ransom payment may make organizations a target for subsequent ransom demands within the policy year, the deductible amount should reflect that risk.
- Payment terms—Most policies require prior written consent before the insured can pay any ransom. This can result in payment delays and increased demands by the hackers. If an organization pays a ransom in order to resume business, without prior written consent by the insurer, there’s a chance that it may not be reimbursed. Therefore, organizations need to be comfortable with a policy’s terms in order to avoid compromising coverage.
- Definition of extortion—It is important for organizations to fully understand and agree with their insurance company’s definition of extortion, since the definition dictates the trigger for coverage. For example, although hackers may intend to sell or misuse information, the ransom demand may only involve a countdown timer and demand for money. While the combination of the two may seem like an obvious threat to the insured, a carrier could possibly deny coverage on the basis that there was no explicit threat to sell or misuse information—all because of its unique definition of extortion.
What to Look for in a Ransomware Insurance Policy
Companies should look for ransomware coverage that uses broad terminology and protects against a wide range of threats, including threats to do the following:
- Access, sell, disclose or misuse data stored on your network, including digital assets.
- Alter, damage, or destroy software or programs.
- Introduce malicious software, including viruses and self-propagating code.
- Impair or restrict access. Look for policies with broad terms like, “threats to disrupt business operations.”
- Impersonate the insured in order to gather protected information from its clients, also known as pharming or phishing.
- Use your network to transmit malware.
- Deface or interfere with your company’s website.
The Importance of Risk Management
Ransomware insurance is most effective when coupled with an effective risk management program, as there are many components in the fight against cyber crime. Risk managers should work with an insurance broker to review all applicable options before choosing cyber coverage.
California’s Leader in Insurance and Risk Management
As one of the fastest growing agencies in California, GDI Insurance Agency, Inc. is able to provide its clients with the latest and greatest of what the insurance industry has to offer and much, much more. With locations across the heart of California’s Central Valley and beyond to provide a local feel to the solutions and services we provide our clients. We pride ourselves on exceeding our client’s expectations in every interaction to make sure that our client’s know how much we value and appreciate their business. Contact us today 1-209-634-2929 for your comprehensive business insurance quote!
Contact GDI Insurance Agency, Inc. today 888-991-2929 to learn more about available cyber policies and effective risk management techniques to protect your organization from ransomware attacks.
by Matthew Davis MBA, CPCU, AAI | Business Insurance, Cyber Liability, Insurance
Internet-related liabilities are present whether your company simply has e-mail or is actively involved in e-commerce. Do you have the appropriate e-liability insurance coverage?
Who Needs a Cyber Liability Plan or E-Liability Insurance? Almost EVERYONE!
Assumptions have been made that a traditional comprehensive Commercial General Liability (CGL) policy will afford you coverage for business interruption, intellectual property damage and similar losses. And because “property damage,” covered under CGL policies, has been traditionally defined as a physical injury to tangible property, some courts have even ruled that “physical loss or damage” includes computer-information related losses. Insurers are avoiding liability by including specific exclusions and requiring endorsements for this coverage.
However, insurance carriers are now becoming savvy in the technology industry. Product offerings are greater. We are seeing a plethora of cyber insurance and e-liability insurance products. Knowing the ins and outs of each product will be key in proper policy selection. That’s where GDI Insurance Agency, Inc. can assist you, providing its expertise so you have the appropriate coverage to match your risk management needs.
What is Cyber Liability Insurance?
Cyber liability coverage may include an e-comprehensive policy. This policy may cover losses caused by fraudulent modification, accidental alteration or destruction to all electronically stored information. In addition, losses caused by malicious copying of trade secrets, extortion and introduction of a virus could be covered.
Media liability addresses the losses associated with libel, slander, and invasion of privacy and infringement of copyrights.
This may be needed, especially if your employees are given access to e-mail capabilities and Internet access. E-mail is an essential tool of today’s fast-paced business culture. However, messages taken out of context may cause difficulty. Establish an e-mail usage policy and educate employees on the proper use of e-mails and surfing the Net.
Defend against loss or damage caused by viruses with specialty computer virus transmission coverage. Along these lines, there is unauthorized access and use coverage, which insures against losses when third party information is stolen.
Each carrier’s Internet-related insurance products need to be closely scrutinized to determine what they will and will not cover, and who will pay the defense expenses.
Your company may also be entitled to rehabilitation expenses to re-establish your reputation and market share after a loss.
One other detail that we look at is whether the policy itself is a claims made or an occurrence policy. Claims made policies will only cover losses that are made and reported during that policy period. If this is the case, an extended reporting period (ERP) may need to be negotiated.
E-commerce presents today’s risk managers with new challenges—this brochure only scratches the surface. To ensure the success of your e-commerce initiatives, GDI Insurance Agency, Inc. recommends a comprehensive risk assessment be conducted to identify potential gaps and inappropriate levels of coverage.
Contact GDI Insurance Agency, Inc. to further discuss your e-liability insurance and the products available to minimize your risk. 1-209-634-2929
by Grant Davis | Business Insurance, Cyber Liability, Insurance
What is Cyber Liability Insurance?
The cost of a data breach and the reputation damage to your business after a breach occurs can be devastating. You need a well-designed cyber insurance policy to provide the protection you need, and breach management expertise to ensure the breach is managed properly and in accordance with regulatory requirements. Federal and State laws require forensic, legal and credit monitoring services are in place after a breach to protect customers from the misuse of their personal information.
Free 37 page cyber security planning book.. just call 888-991-2929 or email us for your free copy
Why Have Cyber Liability Insurance?
Data breaches occur every day. Hacking incidents are the most recognizable and expensive cause of data loss, and over the last few years have become the most common.
- 49% of the data breach causes are malicious and criminal attacks.
- 32% are system glitches, such as software updates, which inadvertently expose sensitive private files.
- 9% are from people making mistakes, such as losing laptops and flash drives No matter the sophistication of the security system, there is little that can be done to eliminate the risk of human error.
A common, accidental breach is a real business risk worth considering today. Coverage May Include:
- Third party liability for financial loss, mental anguish, mental distress and any breach related claims
- First party coverage for breach related expenses
- Full limit coverage for notification, credit monitoring and computer forensic expense
- Coverage for breach costs available outside of the policy limit
- Coverage available for business interruption, lost income and restoration of data post breach
- PCI fines, penalties and remediation expenses
- Primary limits available up to 20 million (higher limits available through excess)
- Retentions starting at $1,000
- In-house quoting system for risks up to $100 million |
- Notification costs are covered when required by law and on a voluntary basis
- Free risk management services provided to policyholders
Sample Claim: Restaurant Data Breach A local restaurant chain discovers that their payment systems have been breached over the course of three months. Tens of thousands of customers had their credit card information stolen, resulting in fraudulent charges on the victims’ accounts. Victims band together and sue the restaurant chain for costs incurred, including paying for credit monitoring, recovering lost funds and expenses incurred in clearing their identities.
As technology becomes increasingly important for successful business operations, the value of a strong cyber liability insurance policy will only continue to grow. The continued rise in the amount of information stored and transferred electronically has resulted in a remarkable increase in the potential exposures facing businesses. In an age where a stolen laptop or hacked account can instantly compromise the personal data of thousands of customers, or an ill-advised post on a social media site can be read by hundreds in a matter of minutes, protecting yourself from cyber liability is just as important as some of the more traditional exposures businesses account for in their general commercial liability policies.
As reliance on technology continues to increase, new exposures continue to emerge. As your business grows, make sure your cyber liability insurance coverage grows with it. GDI Insurance Agency, Inc. is here to help you analyze your needs and make the right coverage decisions to protect your operations from unnecessary risk.
