WannaCry is aptly named; after the release of this super ransomworm, it is likely that many companies wept.
However, one company’s bane is another company’s treasure.
The purchase of cybersecurity insurance policies is on the rise, considering the fact that WannaCry has caused over a billion dollars in damages in the short amount of time since it was released. The reason this worm has been so effective is that, as you are probably aware, when it is uploaded to one computer, it has the ability to infect any other vulnerable device that is also on the network. It was spread via a Windows OS vulnerability, as opposed to most other viruses, which use phishing schemes to infect devices.
It is estimated that cybersecurity insurance premiums will likely exceed $5 billion over the next 4 years, as companies realize what a massive financial impact these increasingly damaging viruses can have on their business, by way of downtime, ransoms, and loss of credibility, among many other potential threats. Once attacked, companies can file a claim to help recoup damages caused by the cyber breach.
However, it is important to keep an eye on your policies and make sure you know what the insurance company is and is not willing to cover. Even though the advent of superbugs is increasing the number of premiums insurers are receiving, it will also increase the cost of the payouts they hand over.
That is one thing that makes cyberworms like WannaCry so scary to not only the uninsured, but the insurance companies as well – it is a lot easier for them to handle damages on a handful of computers, as opposed to damages for an entire network.
Like medical insurers, insurance companies that cover cybersecurity are going to do their best to mitigate their own losses. Paying out for thousands of devices can cause a lot of problems for insurance companies – including potential insolvency. If the payout is so great as to exceed the premiums it has received, the company could possibly close down.
As a potential purchaser, you will want to be aware of what your policy covers and does not cover. When purchasing, make sure to ask the following questions:
- Is employee error covered under the policy, or would they fail to pay out if someone in the company fell for a phishing scam? Most policies will not pay out for errors, or if they do cover it, the insurance company will most likely request an increased premium in the form of a rider.
- Is a known vulnerability that has not been patched considered a “pre-existing condition”? The answer to this varies depending on the company.
- Should a system that is not patched be covered, or would it be denied due to an “Error and Omissions” clause? Again, it is important to review the policies.
In addition to reviewing the fine print, here are some other tips to help you in this troubled time:
- Get quotes from multiple insurance companies. Also be sure to compare and contrast their policies, based on the questions listed above.
- Keep your employees in the loop. Keeping employees up-to-date on the latest cyberthreats, and teaching them how to not get phished will go a long way, especially considering the fact that most policies do not cover employee error.