Ransomware cyber insurance is typically an add-on to a cyber liability policy.
Paying a ransom is a phenomenon most of us are familiar with. An extortionist (criminal) will obtain something of value—by force or violence—from a person or company (victim). After, they’ll demand the victim pays a ransom (a sum of money) in order to reclaim what’s been stolen.
In today’s digital world, cyber extortion is when a hacker steals data or precious information, then demands compensation to return whatever they’ve stolen. Oftentimes, they take control of a company’s systems. If the company doesn’t pay, the hacker will delete all of their data. And given that cyber extortion is an actual job that can pay up to $360,000 per year, companies are now creating safeguards in the case that a ransomware attack happens to them.1
But aside from optimized security infrastructure, how do they avoid a fallout? The answer: ransomware insurance.
Ransomware is a type of malicious software that, once infecting a device, won’t allow anyone to access the computer until a ransom is paid. Usually, it’s transferred to a device by way of a phishing email (fraudulent email), corrupt link, boobytrapped image, an ad, or an infected website.
Typically, malware installs itself silently without the user knowing it. Afterwards, depending on the sophistication of the malware, a user might witness a pop-up with instructions on how to buy a decryption key to regain access to their files. Other times, a user won’t be able to access their computer system at all when a ransomware attack has occurred.
Given that phishing emails and digital scammers are on the rise, the idea of being hacked doesn’t just make for a good thriller.2 Today, businesses of all sizes are at risk of cyber crime. Unfortunately, given the skill of some hackers, the consequences can be devastating. And while ransomware campaigns are seeing a sharp decline, they’re also becoming more targeted and consequential.3
Ransomware cyber insurance, also known as cyber extortion coverage, is typically an add-on to a cyber liability policy. Essentially, it’s a subset of an overall cyber policy, with conditions that vary from insurer to insurer, business to business. Remember that, given the nature of ransomware, these are not one-size-fits-all for an insurance policy.
Instead, they hinge upon a company’s specific risk profile, which ranges drastically when it comes to their ransomware exposure. Yet, most insurance policy options will provide coverage against all or some of the below:
Insurer permission: It’s important to note that the actual ransom (typically) needs to be greenlit by an insurer. This means in the policy, the insurer will state that a company or individuals needs to first seek permission prior to submitting a ransom. If the insuree goes on and pays the ransom, then tells the insurer about it afterwards, they’ll likely exclude insurance coverage.
Cyber liability coverage is the umbrella policy that ransomware insurance is attached to. Typically, it includes both first-party and third-party coverage in the case of a data breach (other criminal cyber events can be included, too). But what does this mean?
First-party coverage – This includes insurance coverage for losses experienced by the company or individual which was breached. This could be anything from paying a ransom, repair costs, to being sued by a client due to the ramifications of a cyber event.
Third-party coverage – This cyber policy includes coverage for losses sustained by the customers, clients, or third parties that are affected by the cyber breach. For instance, if customers were to file claims against a company that was compromised, this would help cover the fees associated.
Ransomware is rarely its own form of coverage. It’s almost always an add-on to a cyber liability policy. It’s included in the “first-party coverage” bracket.
The reality is that many small businesses think “this could never happen to us.” But small businesses are just at risk for cyberthreats, if not more so. In which case, a few tips on protecting your company go as follows:
The more you’re prepared for a data breach or cyber attack, the more secure your company is. While ransomware insurance can help mitigate the financial consequences of a data breach, preventing the situation outright should always be the number one goal.
In addition to being protected from ransomware, does your business have general liability insurance and professional liability insurance? Here at Thimble, we help protect small businesses from third-party claims of:
We’re able to make insurance affordable by tailoring our policies to you. Choose coverage by the hour, day, or month, and rest assured that our insurance works when you do, and saves you money when you’re off the clock. Our mission is to make insurance simple—not only when purchasing policy, but when learning about coverage too. We’re your one-stop resource for all things insurance, made simple.
Our editorial content is intended for informational purposes only and is not written by a licensed insurance agent. Terms and conditions for rate and coverage may vary by class of business and state.