Fri, Aug 22, 2014

Cyber Extortion: Consider How Your Cyber Insurance Policy Can Help You Respond

Although cyber insurance coverage has been offered since the mid-1990s, it hasn’t always been top of mind for most organizations (until recently, that is). Not only are the frequency and complexity of cyber security pitfalls growing, so too are the price tags. Consequently, having a thoughtfully considered cyber liability insurance policy is a critical aspect of an organization’s incident preparedness and response plans. The triggers for these policies can be wide-ranging, so it is helpful for your organization to consider ahead of time the types of data security events commonly seen today and to understand how your policy will respond should your organization face such events.

Criminals taking valuable company assets hostage for financial gain is certainly not a new concept. What has changed, however, is how this has evolved to include cyber extortion threats such as infecting systems with malicious code, maliciously altering or damaging data assets, or interrupting computer systems. Insurance policies addressing cyber extortion, in their most basic form, originated from the need to provide coverage for payments made to perpetrators threatening to attack insureds’ computer systems or data assets. However, because it is an evolving threat, it is helpful to consider exactly what aspects of responding to these events are covered. Does your policy cover the payment or other valuables demanded by a cyber-criminal? Who determines what actual “ransom” is paid? Does it extend to engaging cyber investigators to investigate, terminate and help respond to a threat? Does it extend further to engage security specialists to implement tools to prevent future attacks? How about the cost of negotiators?

Your best defense against cyber extortion is to know your policy and the appropriate parties to engage for resolution

The costs affiliated with being offline or unable to conduct business as a result of a cyber extortion event are difficult to quantify, and the value assigned to the intellectual property or otherwise sensitive data affected by the event can be difficult to prove. Your broker and insurance carrier can help you maximize the effectiveness of cyber coverage by leveraging their relationships with trusted and efficient incident response partners. Considering how this type of attack could affect your organization and engaging an incident response partner now, before a cyber extortion event occurs, can enable you to respond quickly following an attack to minimize your downtime and exposure.

  • Which policies do you hold and where are they?
    When you are under a cyber attack, you need to have access to the correct, specific policy for that particular incident. Know ahead of time which team member is in charge of reaching out to your broker and carrier. Understand what approvals may be necessary from your carrier if you are looking for reimbursement of any type of ransom payment, and consider whether any sublimits apply as well.
  • What system(s) could be impacted?
    Many companies have multiple servers and IT systems spread across the globe. Are all of your systems covered by cyber insurance? What about new platforms and services that have been integrated since your insurance policy was bound?
  • What data could be compromised?
    It can be very difficult to know what data is being held ransom until after the incident has ended or the perpetrator has been paid. Understand where your most sensitive data is, what type of data it is (PHI, PII or other types of data) and where it is stored, and react quickly to maintain its integrity.
  • What are the key terms in your policy?
    Insurance policies contain key terms that are defined very specifically within your policy. Remember, your best defense is partnering closely with the resources your broker and carrier have made available. If paying the extortionist is your only option, then understand very specifically what you must do in order to return your business to its original state of operation and consider options to prevent similar events from taking place in the future.

The development of sophisticated and comprehensive insurance products continues to keep pace with the types of cyber threats affecting all businesses today – regardless of sector or revenue size. Leveraging cyber insurance and the incident response resources made available through your policy is an effective way to mitigate how much of an impact a cyber attack will have on your organization’s operations, finances, and reputation.

