Media Center

Share

Cyber Liability: The Download on Ransomware and Social Engineering

November 5, 2024
Share

Nearly every organization has an exposure to Cyber Liability. The only differentiating factors are severity and where an organization falls from a risk profile.

Organizations that have a large amount of personal health, financial and credit card information can be easily identified as targets for cyberattacks. These attacks are evident from recent well-documented breaches occurring at McDonald’s, Peloton and Volkswagen. Organizations that fall outside these areas tend to have a false sense of security and fail to see their own risk, which may be less obvious but no less important than breaches occurring within nationally recognized public corporations.

All organizations have sensitive information in their care, custody and control which may include:

  • Employee information
  • Proprietary information
  • Client data
  • Vendor information

When considering whether to buy Cyber Liability coverage, many companies focus on breach response costs, but overlook the less obvious risks, such as ransomware.

According to Cybercrime Magazine, Ransomware is so widely used that it is expected to cause $265 billion in damages by 2031.

Ransomware is often transmitted through e-mail phishing, but it can be transmitted by exploiting security vulnerabilities as well. It works by encrypting the company’s computer system and denying user access. Paying the extortion does not always guarantee the decryption codes will be provided. In fact, it could lead to more extortion attempts. In addition, the effected organization may experience:

  • Corrupted, stolen or damaged files or servers.
  • Loss of Revenue: while the computer system is encrypted, the day-to-day business could be affected. It is important to note that Business Interruption coverage on Property Insurance policies are limited to a physical interruption, so a malware-infected system may not be a covered cause of loss since it is a non-physical business interruption.

In addition to breach response costs, Cyber Liability policies will indemnify an organization for their cyber extortion expenses as a result of ransomware. This can also include:

  • Data restoration expenses to replace, recreate or restore information
  • Cyber Business interruption expenses as a result of covered interruption
  • Legal and computer advising expenses

In addition to ransomware, there has been a substantial increase in social engineering and phishing attacks. In these situations, an outside third party will induce someone at the organization to send sensitive information, transfer money, etc.

For more information, visit our Cyber Risk page or contact us below.

Property & Casualty - Cyber Risk
First
Last

This article originally posted in 2017 and has been updated.

Signup