Previous All Posts Next

WannaCry Drives Cyber Insurance Premiums Higher

Posted: June 2, 2017 to Cybersecurity.

Tags: Data Breach, Malware, Ransomware

WannaCry is aptly named; after the release of this super ransomworm, it is likely that many companies wept. However, one company’s bane is another company’s treasure. The purchase of cybersecurity insurance policies is on the rise; considering the fact that WannaCry has caused over a billion dollars in damages in the short amount of time that it has been released.  The reason this worm has been so effective is that, as you are probably aware, when it is uploaded to one computer, it has the ability to infect any other vulnerable device that is also on the network.  It was spread via a Windows OS vulnerability, as opposed to most other viruses that use phishing schemes to infect its devices. It is estimated that Cybersecurity insurance premiums will likely exceed $5 billion over the next 4 years, as companies realize what a massive financial impact these increasingly damaging viruses can have on their business, by way of downtime, ransoms, and loss of credibility, among many other potential threats.  Once attacked, companies can file a claim to help recoup damages caused by the cyber breach. However, it is important to keep an eye on your policies and make sure you know what the insurance company is and is not willing to cover.  Even though the advent of superbugs is increasing the number of premiums they are receiving, it will also increase the cost of payouts they will hand over, as well. That is one thing that makes cyberworms like WannaCry so scary to not only the uninsured, but the insurance companies as well - it is a lot easier for them to handle damages on a handful of computers, as opposed to damages for an entire network. Like medical insurers, insurance companies that cover cybersecurity are going to do their best to mitigate their own losses.  Paying out for thousands of devices can cause a lot of problems for insurance companies - including potential insolvency.  If the payout is so great as to exceed the premiums it has received, the company could possibly close down.   As a potential purchaser, you will want to be aware of what your policy covers and does not cover.  When purchasing, make sure to ask the following questions:  
  • Is employee error covered under the policy, or would they fail to pay out if someone in the company fell for a phishing scam?  Most policies will not pay out for errors, or if they do cover it, the insurance company will most likely request an increased premium in the form of a rider.
  • Is a known vulnerability that has not patched considered a “pre-existing condition”?  The answer to this varies depending on the company.
  • Should a system that is not patched be covered, or would it be denied due to an “Error and Omissions” clause?  Again, it is important to review the policies.
    In addition to reviewing the fine print, here are some other tips to help you in the troubled time:
  • Get quotes from multiple insurance companies.  Also be sure to compare and contrast their policies, based on the questions listed above.
Keep your employees in the loop.  Keeping employees up-to-date on the latest cyberthreats, and teaching them how to not get phished will go a long way, especially considering the fact that most policies do not cover employee error.

Protect Your Business Today

Petronella Technology Group has provided cybersecurity, compliance, and managed IT services from Raleigh, NC for over 23 years. Contact us today for a free consultation and technology assessment.

Need help implementing these strategies? Our cybersecurity experts can assess your environment and build a tailored plan.
Get Free Assessment
Explore Our Services
Cybersecurity AI Services Compliance HIPAA CMMC Managed IT

Related Articles

NIST CSF 2.0: What Changed, Why It Matters, and How to Update Your Cybersecurity Program [Video + Guide] NIST CSF 2.0: What Changed, Why It Matters, and How to Update Your Cybersecurity Program [Video + Guide] Incident Response Planning: Build a Cyber Incident Response Plan That Actually Works in 2026 [Video + Guide] Incident Response Planning: Build a Cyber Incident Response Plan That Actually Works in 2026 [Video + Guide] Email Security for Business: Stop Phishing, BEC, and Email-Based Attacks Before They Cost You Millions [Video + Guide] Email Security for Business: Stop Phishing, BEC, and Email-Based Attacks Before They Cost You Millions [Video + Guide] Network Segmentation Guide: How to Contain Breaches and Protect Critical Systems with Proper Network Design [Video + Guide] Network Segmentation Guide: How to Contain Breaches and Protect Critical Systems with Proper Network Design [Video + Guide]

About the Author

Craig Petronella, CEO and Founder of Petronella Technology Group
CEO, Founder & AI Architect, Petronella Technology Group

Craig Petronella founded Petronella Technology Group in 2002 and has spent more than 30 years working at the intersection of cybersecurity, AI, compliance, and digital forensics. He holds the CMMC Registered Practitioner credential (RP-1372) issued by the Cyber AB, is an NC Licensed Digital Forensics Examiner (License #604180-DFE), and completed MIT Professional Education programs in AI, Blockchain, and Cybersecurity. Craig also holds CompTIA Security+, CCNA, and Hyperledger certifications.

He is an Amazon #1 Best-Selling Author of 15+ books on cybersecurity and compliance, host of the Encrypted Ambition podcast (95+ episodes on Apple Podcasts, Spotify, and Amazon), and a cybersecurity keynote speaker with 200+ engagements at conferences, law firms, and corporate boardrooms. Craig serves as Contributing Editor for Cybersecurity at NC Triangle Attorney at Law Magazine and is a guest lecturer at NCCU School of Law. He has served as a digital forensics expert witness in federal and state court cases involving cybercrime, cryptocurrency fraud, SIM-swap attacks, and data breaches.

Under his leadership, Petronella Technology Group has served 2,500+ clients, maintained a zero-breach record among compliant clients, earned a BBB A+ rating every year since 2003, and been featured as a cybersecurity authority on CBS, ABC, NBC, FOX, and WRAL. The company leverages SOC 2 Type II certified platforms and specializes in AI implementation, managed cybersecurity, CMMC/HIPAA/SOC 2 compliance, and digital forensics for businesses across the United States.

CMMC-RP NC Licensed DFE MIT Certified CompTIA Security+ Expert Witness 15+ Books
Related Service
Protect Your Business with Our Cybersecurity Services

Our proprietary 39-layer ZeroHack cybersecurity stack defends your organization 24/7.

Explore Cybersecurity Services
Previous All Posts Next
Free cybersecurity consultation available Schedule Now