How to deal with ransomware when data is held hostage

September 20, 2022 | SECURA

No organization, school, or business is immune to the risks of ransomware attacks. Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. Today, businesses suffer ransomware attacks every 40 seconds.

This article will help educate you on the complexities of ransomware, and the importance of selecting a cyber insurance carrier that provides the coverages you may need if you’re hit by a ransomware attack.

Two companies decide not to pay a ransomware demand, but result in different outcomes.

Example #1:
Cyber thieves claimed responsibility for an attack on a software company and demanded $70 million to restore customer information. In response, the software company did not pay the ransom and, instead, developed a patch which allowed them to unencrypt the data and restore it to their customers. 

Example #2:
A dental laboratory’s data was hacked and held for ransom. The lab also did not pay the ransom and, instead, took steps to prevent all outside access to email, internet, and other main areas of its computer network. This decision, while preventing thieves from profiting from the illegal activity, resulted in chaos for the lab. For weeks, access to patient records, patient appointment schedules for dental needs, and employee payroll information were not accessible. This lack of access caused the dental office to lose an estimated $500,000 in revenue; not to mention the goodwill of their patients and employees.

Should you pay ransomware?

As detailed in the examples above, there are no clear answers regarding the question of if a company should pay ransom or not; however, one thing is certain – without expert assistance, paying or not paying could prove costly. 

How to protect yourself if you’re attacked by ransomware

Businesses purchase property insurance with the thought that if they are broken into, their insurance policy will take care of the property. This manner of thinking should remain the same with confidential data. Purchasing Cyber Security Insurance coverage provides peace of mind knowing that if customer information is stolen, it’s covered with a cyber insurance policy, and expert assistance from your insurance company is provided. Below is a list of the coverages you should look for when selecting a cyber coverage insurance provider.

Data Compromise Response Expenses

Pays policyholders for forensic IT, breach notification, credit monitoring and case management services, legal counsel, PR services, reputational harm, reward payments, regulatory fines and penalties, and PCI assessments, fines and penalties.

Computer Attack

Pays for data restoration, data recreation and system restoration costs due to a computer attack that damages data and/or software; includes business interruption, PR services, reward payments, and future loss avoidance coverage for improvements to a computer system after a computer attack.

Misdirected Payment Fraud

Pays for direct financial loss resulting from criminal deception using email, facsimile, or telephone communications to induce a policyholder, or a financial institution with which an insured has an account, to send or divert money, securities, or tangible property.

Computer Fraud

Pays for direct financial loss resulting from an unauthorized system access to transfer money from the policyholder's premises or bank to another person or place.

Telecommunications Fraud

Covers payments owed to a telephone service provider resulting from a fraudulent charge caused by an unauthorized access to the policyholder’s telecommunications system.

Identity Recovery

Identity theft services for business owners; case management and expense reimbursement for out-of-pocket costs, legal expenses, lost wages, and child or elder care.

Privacy Incident Liability

Third-party coverage for suits brought by affected individuals or for judgments brought by states or regulatory agencies.

Network Security Liability

Covers policyholders’ settlement and defense costs for suits alleging a policyholder’s computer security negligence.

Electronic Media Liability

Covers a policyholder’s settlement and defense costs for suits alleging copyright or trademark infringement, defamation of a person or organization, or violation of a person’s right to privacy.

Looking for more information about cyber security?

Ask your SECURA independent insurance agent for more information about our Cyber Security Insurance coverage, or find an agent near you.

Find Your Local Agent

©2022 The Hartford Steam Boiler Inspection and Insurance Company. All rights reserved. This document is intended for informational purposes only and does not modify or invalidate any of the provisions, exclusions, terms or conditions of the policy and endorsements. For specific terms and conditions, please refer to the coverage form. Coverage subject to applicable deductibles and limits in the policy.