Insurance exists to protect the insured from catastrophe, but insurance companies need protection so that their policies are not abused, and this is where the fine print comes in. However, in the case of ransomware insurance, the fine print becomes controversial and can undermine the usefulness of the cover.
In this article, we'll explain why, especially in today's climate, war exclusion clauses make ransomware insurance even less valuable, and why your organization should focus on protecting itself.
What is ransomware insurance?
Ransomware insurance has evolved as a product in recent years as organizations seek to purchase protection from the catastrophic consequences of successful ransomware attacks. Why try to buy insurance? Well, one successful attack can destroy a large organization or incur huge costs. NotPetya alone caused a total loss of $10 billion.
It is well known that ransomware attacks are very difficult to defend against. As with other catastrophic events, insurance companies offer insurance products. In exchange for the premium, the insurance company promises to cover most of the damage caused by the ransomware attack.
Depending on the policy, ransomware insurance may cover loss of revenue if the attack disrupts operations, or loss of valuable data if data is deleted as a result of the ransomware incident. Policies can also cover extortion: in other words, the insurer will pay the ransom demanded by the perpetrator.
The exact payout terms, of course, will be specified in the policy document, also called the "fine print". The fine print also contains exclusions, i.e. circumstances in which the policy will not pay out. And that's the problem.
What's the problem with the fine print?
Understandably, insurance companies need to protect their premium pools from abuse. After all, it's easy for an actor to get insured not because they are seeking cover, but because they already have a claim in mind.
The fine print doesn't have to be a bad thing. It's a way for both parties to define the terms of the agreement so everyone knows what is expected of them and what they are entitled to. The fine print of a ransomware insurance policy will set out some reasonable conditions.
For example, your policy may require that you make every effort to protect your workloads from ransomware. After all, it is reasonable to expect that you take precautions against an attack. Likewise, you may find a notification clause in your contract that requires you to notify your insurance company of an attack as soon as possible.
Another common exclusion is war, where insurance companies have the right to refuse to pay a claim if the damage results from war or hostilities. It is this fine print that is currently causing concern, for three reasons.
The complexity of the war exclusion
When one nation-state opposes another, cyberwarfare can be used to inflict damage outside of a normal war zone. Cyberwarfare can be indiscriminate, and the affected parties do not have to be state bodies. Businesses can be caught in the crossfire.
There are good reasons for insurance companies to try to exclude such a large level of risk. However, there are some problems. Defining war is the first question. When is an act of aggression considered an act of war? Another problem is attribution, as cyber attackers usually do everything they can to hide their identity. It is uncommon for an attacker to publicly announce their participation in an attack.
When an organization suffers a ransomware attack, how can the insurance company or the claimant prove that a particular organization was behind the attack and, by extension, what the motive for the attack was, for example war? How do you find out at all? It is very difficult to find solid evidence of attribution, or any evidence at all.
Just remember how many times ransomware attacks were allegedly carried out by an "insert country name here" group. That does not mean (or should not mean) that state-sponsored actors are behind the attack, but it is often so difficult to pinpoint the source of an attack that any actor can be blamed, and it is usually very difficult or even impossible to prove otherwise.
Here is the thing. Ransomware insurance claims will not be small. Ransom demands are usually in the millions, and the damage can run to billions of dollars. Acting in its own interests, the insurance company will try to find possible reasons for refusing to pay out.
Not surprisingly, these claims have been contested in court.
It may just end up in court
In the event of an insurance claim dispute, the claimant usually goes to court. The outcome of these cases is uncertain, and resolving them may take a long time. One example is Merck v. Ace American Insurance Company. The case involved the NotPetya attack, in which Merck suffered a large-scale compromise in June 2017 that took the company several months to recover from and cost nearly $1.4 billion.
However, when the company attempted to claim on its $1.75 billion "all risk" insurance policy, Ace American initially refused to pay, arguing that the claim fell under the policy's "acts of war" exclusion clause. It based this argument on the fact that the Russian government used NotPetya in its hostilities against Ukraine.
The case went to court, but it took more than three years for the court to decide, on this occasion in Merck's favor. The court said that Ace American, like many other insurance companies, had not sufficiently changed the wording of its policy exclusions to ensure that the insured, Merck, fully understood that a cyberattack launched in the context of hostilities could mean the policy coverage was invalid.
Protecting yourself is your number one priority
The insurance industry certainly knows there is a lack of clarity. Recently, Lloyd's Market Association, a membership network of the influential Lloyd's of London market, published a set of clauses that its members could include in cyber insurance products.
These clauses are meant to do a better job of excluding war-related cybersecurity breaches. But again, this may mean you have to incur costs for this operation.
However, there is a growing possibility that any ransomware insurance you sign up for may not pay out when you need it most, especially in today's heightened global security environment.
This does not mean that cybersecurity insurance has no role to play: depending on the premium and level of coverage, it could be an option. But it is a last resort. Your internal efforts to protect your IT assets from attack remain your first line of defense and your best bet.
The best insurance: a strong cybersecurity posture
As mentioned earlier, every ransomware insurance policy will have minimum cybersecurity requirements, conditions that you must meet to ensure that your policy pays out. These may include things like regular and reliable backups, as well as threat monitoring.
We would like to suggest that you go a step further and maximize the protection you put in place across your technology estate. Get additional layers of protection, such as a live, rebootless patching mechanism like TuxCare's KernelCare Enterprise, or extended lifecycle support for legacy systems that are no longer officially supported. This helps to solve the problem.
No solution can provide you with airtight protection, but these measures can help you reach your goal of reducing risk windows to a minimum. Taking the best possible steps to protect your systems will help you avoid unpleasant surprises, such as finding out that your insurance doesn't cover your data loss.
So, by all means, take out some cover. But make sure you do your best by using all available tools to protect your systems.