2016 was dubbed the “year of ransomware”, but in reality, you could say the same about 2017, 2018, and so far, 2019. According to the FBI, ransomware cost US businesses at least $1.4B in 2017, compared with $1B in 2016. Cost estimates for 2018 have not yet been released, but by all accounts, will be significantly higher. And the bad guys continue to get more and more sophisticated, leaving businesses, even those with strong controls and protocols, exposed.
While healthcare and financial services continue to be the industries hardest hit by cyber-related events, ransomware has not been as industry-concentrated and has had significant impact on less-suspecting industries. For example, a recent ransomware event shut down a manufacturer for several days, resulting in a seven-figure loss. Although the ransom demand was small (less than $25,000), the impact was far greater, causing business income loss and significant forensics and restoration costs.
In another recent event, a law firm fell victim to a phishing attack that resulted in ransomware infiltrating their network. The firm was unable to access client files for several days. The resulting loss, including payment of the ransom demand, was just under $230,000.
These are just two examples of how any business can be impacted by a ransomware event. A quick Google search will reveal hundreds, if not thousands, more. While the effects of a ransomware event can be devastating, the good news is there is insurance coverage for these exposures.
Cyber Extortion – coverage for payment of the ransom demand and associated response costs (e.g. forensics)
Business Interruption – coverage for loss of income suffered due to interruption or shut down the business operations
Data Restoration – coverage for costs of restoring lost or damaged data
Data Breach Event Costs – in the event confidential information is disclosed during a ransomware event, coverage for costs to notify impacted individuals, provide credit monitoring to those individuals, engage legal and public relations expertise
A key benefit to having a Cyber Insurance policy in place when a ransomware event occurs is immediate access to pre-vetted response vendors. Many Cyber Insurance carriers have a breach response hotline staffed 24/7/365 with attorneys ready to assist in triage and response to a ransomware (or other cyber) event. Vendors also include IT forensics firms to assist in evaluating the scope and source of the ransomware and restoring data that is lost or corrupted.
For more information on ransomware threats and Cyber Insurance coverage, tune into the
GCCA and Lockton webinar on May 7th at 1:00pm EST. Registration information coming soon.