Call Us CALL US TODAY | 352.332.0180
Auto Insurance PERSONAL AUTO
Homeowners Insurance HOME
Business Insurance BUSINESS
Toy Insurance TOYS
Contractors Insurance CONTRACTORS

D&O Coverage: Protection against Ransomware Attacks?

It's a nightmare scenario for business owners. Employees log in to their workstations and attempt to access the usual systems, expecting to find customer reports. Instead, they find a message demanding money.

If the business wants to regain access to its software and data, it will have to pay a ransom. Until then, it is locked out. The business has become the latest victim of ransomware. 

Ransomware is malicious software that hackers introduce into an organization's computer network to encrypt its data. The hackers hold the data hostage until their demands are met.

Those demands are normally for money, often payable in a crypto-currency such as Bitcoin. The hackers threaten to encrypt the data indefinitely, or even start deleting it, if they do not receive payment.

Ransomware has been around for a decade, but its use has exploded since 2015. Because it was infrequent until recently, insurance coverage for losses resulting from these attacks has not yet been widely purchased.

While cyber insurance has been available for several years, the coverages continue to evolve with the threats they insure against. Also, businesses have been slow to see a need for these policies, resulting in a low level of sales.

Consequently, an organization that falls victim to a ransomware attack might find itself uninsured. However, there are two potential avenues for coverage that many organizations already have - directors and officers (D&O) liability insurance and crime insurance.

Kidnap & ransom coverage

These types of policy often provide kidnap and ransom (K&R) coverage. This coverage, frequently purchased by multinational corporations, applies to an organization's cost to pay ransoms.

Traditionally, coverage applied only if an "insured person" such as an employee or executive was kidnapped. Such policies would do nothing for the victims of ransomware attacks.

Some insurers are now providing - either deliberately or unintentionally - K&R coverage that applies to ransoms paid in response to cyber extortion. Among the events that these policies may consider cyber extortion are:

  • Threats to poison a computer system with malware.
  • Threats to change, damage or destroy programs or data stored on a system if the owner does not pay a ransom.


Some insurers who provide K&R coverage did not anticipate covering ransomware losses and have made changes to the policies they sell. For example, some have added deductibles to the coverage, mirroring the terms of cyber policies, while others have capped the amount of business interruption coverage they will provide for cyber extortion losses.

Other insurers have changed their policies to better cover ransomware losses. Some have set up Bitcoin accounts for clients so that ransom payments can be made faster, shortening the length of time a business is incapacitated.

The takeaway

Experts expect the problem to become more urgent. The cost of global ransomware attacks in 2015 was $325 million, but by 2019 it is expected to be more than $11.5 billion. As the threat increases, organizations will have no choice but to insure against these losses, either through D&O coverage or cyber insurance.

Those who do not carry cyber insurance should review their D&O policies with their agents to determine whether the K&R coverage applies to ransomware losses.

If the coverage is missing, steps should be taken to obtain it, either through K&R coverage or cyber policies.

Cyber criminals are using ever more sophisticated tools. Sound network security practices are the best way to avoid disaster, but proper insurance coverage is essential if things should go wrong.

Thank you for visiting the Partners Insurance Agency blog. We hope you found our content helpful and informative.

Posted 12:00 PM

Share |

No Comments

Post a Comment
Required (Not Displayed)

All comments are moderated and stripped of HTML.
Submission Validation
Change the CAPTCHA codeSpeak the CAPTCHA code
Enter the Validation Code from above.
NOTICE: This blog and website are made available by the publisher for educational and informational purposes only. It is not be used as a substitute for competent insurance, legal, or tax advice from a licensed professional in your state. By using this blog site you understand that there is no broker client relationship between you and the blog and website publisher.
Blog Archive
  • 2020
  • 2019
  • 2018
  • 2017
  • 2016

View Mobile Version
© Copyright. All rights reserved.
Powered by Insurance Website Builder