Beginning last Friday, and still occurring today, one of the worst and most widespread malware attacks has impacted more than 200,000 victims in at least 150 countries, including Britain’s National Health Service, FedEx, telecommunications companies Telefonica and Megafon, and automakers Renault and Nissan. The malware, known as “WannaCry,” disables the user’s computer system and all of its data. A note in a text file then appears stating that in order to unlock the computer, $300 worth of the digital currency bitcoin must be paid to the hackers. A countdown timer appears and the fee increases with time. The hackers threaten to delete all data on the computer system if payment is not sent within one week. Cybersecurity experts believe that the malware was sent to computers through “phishing attacks,” which are emails that appear to be from reputable sources and include a download to a link that allows the malware to infect the computer. From these computers, the malware then spread to other computers on the network. One infected computer can spread this virus network-wide, and quickly.
The WannaCry malware attack is a reminder of the importance of cyber insurance coverage. Businesses affected by these types of attacks can incur significant loss, including for the ransom amount, any resulting business interruption, the cost of any lost data, damage to customers and other third parties, along with associated public relation expenses. Most commercial general liability policies and property policies exclude coverage for cyber-related losses. Thus, it is important for businesses to ensure they have comprehensive coverage for cyber-related attacks.
In order to be covered for these types of attacks, cyber coverage should include coverage for cyber extortion, including coverage for ransom to unencrypt data and restore network access after an attack has already occurred – – which is not covered under many cyber insurance policies. And it is essential that coverage for cyber extortion provide for the payment of ransom in the form of Bitcoin or other digital cryptocurrency, including transactions enabled by blockchain technology. Additionally, business interruption or network interruption coverage is needed to address any interruption caused by a malware attack. And in the event the ransom cannot be paid, coverage is needed for lost data. Further, to the extent a malware attack results in damage to a business’s customers or other third parties, liability and professional liability insurance specific to cyber-related errors and omissions is necessary. Even more, in the event of an attack, a business may incur expensive public relations costs to mitigate the damage to its reputation and should consider coverage for these types of costs as well. Lastly, it is important that coverage extend to social engineering hacking like the “phishing” that was used here to gain access to individuals computers, which may be included as an endorsement to a cyber insurance policy or under a crime insurance policy.
To better protect against and respond to increasingly sophisticated cyberattacks and related risks, businesses should have experienced coverage counsel review their current insurance policies to ensure they are covered for malware attacks like the WannaCry attack.
News sources: NBC News, May 13, 2015, Huge Cyberattack Hits Nearly 100 Countries With ‘Wanna Decryptor’ Malware; CNN, May 14, 2017, World’s Biggest Cyberattack Sends Countries Into ‘Disaster Recovery Mode’; Washington Post, May 12, 2017, Malware, Described In Leaked NSA Documents, Cripples Computers Worldwide