Protection from Ransomware Attacks

With ransomware attacks on the rise, the role of insurance is becoming more robust. And, although ransomware coverage has been traditionally sublimited within cyber policies, standalone cyber policies that cover ransomware are becoming more necessary.

Ransomware is a form of malicious software that cyber criminals use to deny access to an organization’s systems or data. During a ransomware attack, the criminal holds the systems or data hostage and demands the organization pay a ransom. These attacks can carry serious consequences for an organization, including lost data, disrupted operations, a tarnished reputation and financial ruin.

Policy Definitions, Terms and Conditions

Since cyber insurance isn’t standardized, organizations should review all policy language with a broker before choosing a plan that effectively covers ransomware. Policies can vary significantly in their language and coverage options, so insurance experts recommend policies that — at the very least — provide coverage for extortion demands and payments, as well as lost income resulting from an attack.

Organizations should also take a close look at the following definitions, terms and conditions when choosing a policy:

  • Sublimits and deductibles — Most policies set a sublimit for covering ransomware. It is important to review this limit carefully, considering that demands may start on the low side but can increase quickly. Also, since making a ransom payment may make organizations a target for subsequent ransom demands within the policy year, the deductible amount should reflect that risk.
  • Payment terms — Most policies require prior written consent before the insured can pay any ransom. This can result in payment delays and increased demands by the hackers. If an organization pays a ransom in order to resume business without prior written consent by the insurer, there’s a chance that it may not be reimbursed. Therefore, organizations need to be comfortable with a policy’s terms in order to avoid compromising coverage.
  • Definition of extortion — It is important for organizations to fully understand and agree with their insurance company’s definition of extortion since the definition dictates the trigger for coverage. For example, although hackers may intend to sell or misuse information, the ransom demand may only involve a countdown timer and demand for money. While the combination of the two may seem like an obvious threat to the insured, a carrier could possibly deny coverage on the basis that there was no explicit threat to sell or misuse information — all because of its unique definition of extortion.

What to Look for in an Insurance Policy

Companies should look for ransomware coverage that uses broad terminology and protects against a wide range of threats, including threats to:

  • Access, sell, disclose or misuse data stored on your network, including digital assets.
  • Alter, damage or destroy software or programs.
  • Introduce malicious software, including viruses and self-propagating code.
  • Impair or restrict access. Look for policies with broad terms like “threats to disrupt business operations.”
  • Impersonate the insured in order to gather protected information from its clients, also known as pharming or phishing.
  • Use your network to transmit malware.
  • Deface or interfere with your company’s website.

Ransomware insurance is most effective when coupled with a strong risk management program, as there are many components in the fight against cybercrime. Risk managers should work with an insurance broker to review all applicable options before choosing coverage.

For additional help obtaining the right cyber protection, contact a member of our team.


© Copyright CBIZ, Inc. and CBIZ CPAs P.C. (together, “CBIZ”). All rights reserved. Use of the material contained herein without the express written consent of the firms is prohibited by law. This publication is distributed with the understanding that CBIZ is not rendering legal, accounting or other professional advice. The reader is advised to contact a tax professional prior to taking any action based upon this information. CBIZ assumes no liability whatsoever in connection with the use of this information and assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect the information contained herein.

CBIZ is the brand name for CBIZ CPAs P.C. and CBIZ Advisors, LLC (together), a national professional services company providing tax, financial advisory and consulting services to individuals, tax-exempt organizations and a wide range of growth-oriented companies. CBIZ Advisors, LLC is a fully owned subsidiary of CBIZ, Inc. (NYSE: CBZ). CBIZ CPAs P.C. is an independent CPA firm that provides audit, review and attest services, and works closely with CBIZ, a business consulting, tax and financial services provider. CBIZ and CBIZ CPAs P.C. are members of Kreston Global, a global network of independent accounting firms. This publication is protected by U.S. and international copyright laws and treaties. Material contained in this publication is informational and promotional in nature and not intended to be specific financial, tax or consulting advice. Readers are advised to seek professional consultation regarding circumstances affecting their organization.

2020-10-27T13:09:23-05:00
