Notwithstanding the absence of a congressional war declaration since Japan bombed Pearl Harbor, Zurich American Insurance Company has invoked a “war exclusion” in an attempt to avoid covering Illinois snack food and beverage company Mondelez International Inc.’s expenses stemming from its exposure to the NotPetya virus in 2017. The litigation, Mondelez Intl. Inc. v. Zurich Am. Ins. Co., No. 2018-L-11008, 2018 WL 4941760 (Ill. Cir. Ct., Cook Cty., complaint filed Oct. 10, 2018), remains pending in an Illinois state court. Continue Reading Zurich Invokes War Exclusion in Battle Over Coverage for NotPetya Attack
In a recent article published in Internet Retailer, Syed Ahmad, Lorelie (Lorie) Masters, and Katie Miller discuss the risks retailers face when using smartphone-reliant technology and contactless payment systems, including ransomware attacks and other security breaches, and the insurance coverage necessary to address these potential risks.
Beginning last Friday, and still occurring today, one of the worst and most widespread malware attacks has impacted more than 200,000 victims in at least 150 countries, including Britain’s National Health Service, FedEx, telecommunications companies Telefonica and Megafon, and automakers Renault and Nissan. The malware, known as “WannaCry,” disables the user’s computer system and all of its data. A note in a text file then appears stating that in order to unlock the computer, $300 worth of the digital currency bitcoin must be paid to the hackers. A countdown timer appears and the fee increases with time. The hackers threaten to delete all data on the computer system if payment is not sent within one week. Cybersecurity experts believe that the malware was sent to computers through “phishing attacks,” which are emails that appear to be from reputable sources and include a download to a link that allows the malware to infect the computer. From these computers, the malware then spread to other computers on the network. One infected computer can spread this virus network-wide, and quickly.
Reports of recent cyberattacks continue the discussion we started with yesterday’s blog post about common hurdles to coverage. The hurdle for today’s discussion? Ransomware.
Ransomware attacks are on the rise. Security services company SonicWall reported that ransomware attacks increased by a factor of 167, from 3.8 million in 2015 to 638 million in 2016. Similarly, insurer Beazley reported that ransomware claims quadrupled in 2016, and are expected to double again in 2017.
Despite these trends, many standard cyber forms do not cover ransoms to restore system access or to recover stolen data. Instead, the forms focus on ransoms paid to avoid a breach or the release of personal information. This gap in coverage is easily addressed by endorsement but, surprisingly, many businesses do not have such endorsements.
The risk of this often-unaddressed gap is real. In January, cyber criminals accessed an Austrian hotel’s network and remotely locked the hotel doors, preventing guests from entering their rooms. Efforts to issue new cards were unsuccessful, and breaking down doors would be too costly. In the end, the hotel paid 2 bitcoins (about $1,800) to restore access.
The prisoner’s dilemma caused by ransomware attacks may have more than just monetary consequences. The Cockrell Hill, Texas Police Department lost video evidence and digital documents after hackers took over its computer system. Messages demanded approximately $4,000 of bitcoin for return of the files, which the department refused to pay after consulting with the FBI. In an effort to end the attack, the department wiped its servers clean, but could not restore any files; it turned out that the department’s system backup had captured only the already-infected files. The department claims that none of the lost information was “critical,” but many criminal defense attorneys are already questioning whether that is the case, especially for charges that relied on video evidence.
The amounts at stake may seem small, but successful ransoms promise to encourage larger demands and unsuccessful ransoms may still cause significant expense to manually restore lost data — that is, when that data can even be recovered. And, the consequential interruption to policyholder’s normal business operations may have a substantial financial impact that far exceeds the ransom payment. The solution to these problems should not be to simply stockpile cash to address these risks or to rebuild damaged systems or data. Businesses must actively improve their risk protections, including improving their insurance coverage. Policyholders should begin that process by reading their policies, and working with experienced brokers and coverage counsel to ensure that coverages actually protect against real-world risks.