Your IT Consultant

Check Your Cyber Insurance Exclusions

December 9, 2020

Hopefully, readers do have some sort of insurance coverage for cyber events. The coverage may be a separate policy or more commonly a rider to an existing policy. No matter how you are being covered, expect an increase in premiums and some new exclusions to your policy. According to a post in Data Breach Today, there are more than 75 companies offering some sort of cyber insurance. There are multiple studies showing that ransomware is on the rise. The cyber criminals are effectively operating as a cartel with affiliates doing the dirty work and the "bosses" getting a percentage (around 20%-30%) of the paid ransom. Instead of just encrypting your data, modern ransomware also exfiltrates your data and then extorts you with a second ransom payment to prevent disclosure of the information.

Recent numbers indicate that the average ransomware payment in Q3 is now $233,817. Ouch. As insurance company profits go down as a result of payment of ransoms, some insurers are "attempting to shelter themselves from these losses, either by excluding extortion events from standard cyber insurance coverage or by introducing onerous new conditions on policyholders," as reported by a Seriously Risky Business newsletter. In other words, expect to see exclusions for extortion and social engineering attacks. The recent Foxconn ransomware demand for a $34 million payment isn't helping matters.

Email: Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com