Cyber Extortion Insurance

On September 21, 2021 and October 15, 2021, the US Treasury Department’s Office of Foreign Assets Control (OFAC) issued reminders of the sanctions risks for facilitating ransom payments to designated malicious cyber actors.  As discussed in our prior blogpost on OFAC’s October 1, 2020 advisory, OFAC has made clear that it is increasingly willing to bring enforcement actions against entities, including cyber insurers, that facilitate payments to sanctioned threat actors on behalf of corporate victims.
Continue Reading Key Takeaways From OFAC’s Recent Guidance: Carefully Scrutinize Insurance Coverage And Respond To Cyber Incidents With The Assistance of Experienced Advisors

Is it illegal for an insurer to pay the ransom demanded in a cyber extortion or ransomware attack on its insured? According to the US Department of the Treasury’s Office of Foreign Assets Control’s (“OFAC”) October 1, 2020 advisory (“OFAC Advisory”), in certain situations, it may be.
Continue Reading While OFAC Cautions Cyber Insurers About Facilitating Ransomware Payments, Policyholders Should Ensure They’re Covered