Do You Have Ransomware Insurance? Look at the Fine Print
Jeffrey Tebele
President, RCS Professional | Do you know how to prevent a cyberattack? | IT Managed Services | Data Loss Prevention | MDM | MDR | Tech | Remote Work Guru | Microsoft Gold Partner | Founder | Phish | Event Management
The purpose of insurance is to safeguard the insured party against catastrophe, but it also serves to protect the insurer from misuse of its policies. This is where the small print comes into play. In the case of ransomware insurance, however, the fine print is causing controversy and may be reducing the product's value.
In this post, we'll explain why war exclusion clauses are gradually reducing the value of ransomware insurance, especially given the current situation, and why your firm should instead concentrate on securing itself.
What is ransomware insurance?
Because businesses are attempting to purchase protection against the devastating results of a successful ransomware attack, ransomware insurance has become a more popular product in recent years. Why try to purchase insurance? A single successful attack, such as NotPetya, which caused a total of $10 billion in damages, can practically bring down a huge corporation.
Attacks by ransomware are infamously challenging to completely defend against. Insurance companies intervened to provide a product, just like they would with any other potentially disastrous incident. Insurance companies offer to pay for many of the losses brought on by a ransomware attack in return for a premium.
A ransomware policy may provide coverage for lost revenue if the attack prevents business activities from continuing or for lost important data if ransomware causes data to be lost or deleted. In some cases, a policy will reimburse the criminal's demand for the ransom if you are victimized by extortion.
The policy document, commonly referred to as the "fine print," will of course specify the precise payout and conditions. Exclusions, or situations in which the policy won't pay out, are another crucial part of the fine print. And therein lies the issue.
What's the issue with fine print?
It makes sense that insurers would want to safeguard their premium pools from misuse. After all, it's simple for an actor to enroll in insurance because they already have a claim in mind rather than because they want protection.
The fine print in an agreement can help both parties clarify its provisions so that everyone is clear about what to expect and what rights they have. The fine print of ransomware insurance would have some fair requirements.
For instance, your policy will mandate that you put in the barest minimum effort to safeguard your workload from ransomware. After all, it's logical to anticipate that you will take security measures in case of an assault. Similar to this, your contract undoubtedly contains a notification clause that calls for you to inform your insurance of the attack within a specific amount of time.
Another frequent exclusion is the one for "war-related," which gives insurers the option to reject a claim if the damage was caused by a conflict or activities that would constitute a war. For three reasons, the fine print is currently raising questions.
The complexity of war exclusions
When an organization is the victim of a ransomware attack, how does the insurer (or the claimant) prove that a particular group was behind it and, consequently, what the reason for the attack was, for example, war? How do you even find out? Finding concrete evidence, indeed any evidence, to support attribution is extremely difficult.
Just recall how frequently "<insert state name here> groups" are cited as being responsible for ransomware attacks. It is frequently very difficult to determine which actor is to blame for an attack, and typically just as difficult or even impossible to prove otherwise; but that does not necessarily mean state-sponsored actors are behind it.
And now for the issue. Ransom demands are frequently in the millions of dollars, and losses could reach a billion dollars, so claims under ransomware insurance won't be cheap. Insurance companies will look for every justification they can to deny paying a claim, which is understandable given their own interests.
Therefore, it is understandable why these assertions are frequently disputed in court.
It may just end up in court
The claimant often goes to court when there is a dispute about an insurance claim. It may take a while to resolve these matters, and the conclusion is unpredictable. The dispute between Merck and Ace American insurance is one illustration. The lawsuit involved the NotPetya attack, in which Merck had a significant incursion in June 2017 that required months to recover from and was estimated to have cost the corporation USD 1.4 billion.
However, when the firm attempted to make a claim under its USD 1.75 billion "all-risk" insurance policy, Ace American first refused to pay, arguing that the claim was subject to an "Acts of War" exclusion clause. This position was based on the assertion that NotPetya was used by the Russian government to wage war against Ukraine.
Shortly after, the claim was taken to court, but it took more than three years for the court to rule. In this case, the court ruled in favor of Merck, finding that Ace American, like many other insurers, had not sufficiently changed the wording in its policy exclusions to ensure that the insured, Merck, fully understood that a cyberattack launched in the context of an act of war would render the policy coverage invalid.
Protecting yourself is your priority
The insurance business is aware of the confusion, of course. A list of stipulations that its members could insert in the terms and conditions of cyber insurance policies was recently issued by the Lloyd's Market Association, a membership network of the influential Lloyd's of London marketplace.
These provisions are said to do a better job of excluding cybersecurity vulnerabilities related to the conflict. However, there might still be some areas of disagreement, with attribution being the main issue.
Given today's more stringent global security environment, there's a greater chance that any ransomware insurance you purchase won't cover you when you need it most.
Depending on the costs and the degree of coverage, cybersecurity insurance may still be a viable choice. But it is the last resort: your own internal IT asset protection initiatives should still be your first line of defense and your best hope.
The best insurance: a firm cybersecurity posture
As previously indicated, any ransomware insurance policy will have minimal cybersecurity standards in place: conditions you must satisfy to ensure your policy pays out. This may involve measures like consistent, dependable backups and threat monitoring.
We'd like to recommend that you take things a step further and really maximize the security measures you implement throughout your IT estate. Put in place extra layers of security, such as KernelCare Enterprise from TuxCare for live, reboot-free patching, or Extended Lifecycle Support for older systems that are no longer receiving official support. Measures like these shrink the window in which known vulnerabilities remain exploitable.
Airtight security is impossible to achieve, but every such measure brings you closer by reducing the number of risky windows. By taking the most precautions possible to protect your systems, you help ensure that unpleasant surprises, like learning that your insurance does not cover your data loss, are avoided.
Therefore, purchase insurance as a final resort to protect yourself. But make sure you use all the tools at your disposal to defend your systems.
For more than 20 years, Jeffrey has been defending business owners and their assets from cyber criminals. To speak with an expert security technician, contact RCS Professional Services or visit our website www.rcsprofessional.com to learn how we can help you. Visit our YouTube channel to view our recent webinar on cyber insurance.