Hunton Insurance Recovery Blog

Reports of recent cyberattacks continue the discussion we started with yesterday’s blog post about common hurdles to coverage.  The hurdle for today’s discussion?  Ransomware.

Ransomware attacks are on the rise.  Security services company SonicWall reported that ransomware attacks increased by a factor of 167, from 3.8 million in 2015 to 638 million in 2016.  Similarly, insurer Beazley reported that ransomware claims quadrupled in 2016, and are expected to double again in 2017.

Despite these trends, many standard cyber forms do not cover ransoms to restore system access or to recover stolen data.  Instead, the forms focus on ransoms paid to avoid a breach or the release of personal information.  This gap in coverage is easily addressed by endorsement but, surprisingly, many businesses do not have such endorsements.

The risk of this often-unaddressed gap is real.  In January, cyber criminals accessed an Austrian hotel’s network and remotely locked the hotel doors, preventing guests from entering their rooms.  Efforts to issue new cards were unsuccessful, and breaking down doors would be too costly.  In the end, the hotel paid 2 bitcoins (about $1,800) to restore access.

The prisoner’s dilemma caused by ransomware attacks may have more than just monetary consequences.  The Cockrell Hill, Texas Police Department lost video evidence and digital documents after hackers took over its computer system. Messages demanded approximately $4,000 of bitcoin for return of the files, which the department refused to pay after consulting with the FBI.  In an effort to end the attack, the department wiped its servers clean, but could not restore any files; it turned out that the department’s system backup had captured only the already-infected files.  The department claims that none of the lost information was “critical,” but many criminal defense attorneys are already questioning whether that is the case, especially for charges that relied on video evidence.

The amounts at stake may seem small, but successful ransoms promise to encourage larger demands and unsuccessful ransoms may still cause significant expense to manually restore lost data — that is, when that data can even be recovered.  And, the consequential interruption to policyholder’s normal business operations may have a substantial financial impact that far exceeds the ransom payment.  The solution to these problems should not be to simply stockpile cash to address these risks or to rebuild damaged systems or data. Businesses must actively improve their risk protections, including improving their insurance coverage.  Policyholders should begin that process by reading their policies, and working with experienced brokers and coverage counsel to ensure that coverages actually protect against real-world risks.