This past summer, Colonial Pipeline Company was hit with a cyberattack. The hackers demanded a huge ransom in order to turn control of the pipeline back over to the company. The attack was one of many that has occurred recently, leaving questions about whether businesses and their insurers are prepared in the event they experience a similar attack.
These types of crimes are becoming much more sophisticated, and they require that insurance policies adapt to the changing nature of things. Businesses are finding that they need much more coverage than they expect, leading to issues for both sides when an attack happens. Recovery under insurance policies is complex even in straightforward scenarios; when situations like this arise, it can be impossible, costing time and money that companies cannot ever get back.
Biggest concern facing businesses and insurers
Let’s take a look at what happens when a company is the victim of a ransomware scenario. Let’s say a company has a collection of important information, such as customer lists or process notes, stored in their systems. They need to be able to use this information to carry out their day-to-day business. Without it, they are really nothing but a name – unable to do anything but wait.
When a ransomware attack happens, this information is basically inaccessible by the company until the situation has been resolved – which typically means until a company has paid the hackers an amount of money to release the data. Businesses are effectively shut down, losing money fast while trying to determine how to respond to the scenario.
When companies then look to their insurers to recover lost funds due to the attack, they find that the policy they have limits the recovery they may be able to receive. They have costs that far outweigh the payments from insurers, causing significant financial losses.
The future of cybersecurity insurance
With more high-profile attacks happening, it is likely that companies will need to seek more extensive and detailed coverage to protect their interests. Finding insurers willing to insure these risks could prove challenging. Additionally, rules and regulations may require business to take certain steps to protect their most valuable information in addition to obtaining insurance coverage for cyberattacks.
As things move forward, it is important to make sure you understand your policies, and what you need to do to prevent potential cyberattacks from impacting your company. These are expensive issues to resolve, and failing to take timely action may result in serious long-term problems.