Given the relative newness of cyber insurance policies, comparatively little case law exists interpreting these policies in the context of claims. Courts have sometimes struggled with how to interpret unique policy provisions in the context of variations of computer fraud. While some courts have taken highly technical approaches to the language contained in the policy, other courts have taken a more relaxed approach based on the understanding of the parties. A recent case out of the Eleventh Circuit Court of Appeals highlights these issues. Principle Solutions Group, LLC v. Ironhorse Indemnity, Inc. tackled a claim dispute between an insured business and an insurance company involving a cyber claim.
Ransomware attacks have increased in frequency over the past few years. They now rank as the second most frequent type of claim against cyber insurance policies. Experts estimate that a new business is hit with a ransomware attack every fourteen seconds. For 2019, early information is showing that the frequency of ransomware attacks may be decreasing. This seemingly positive trend comes with two significant drawbacks however.
Cyber incidents and cyber practices are testing the boundaries of the law in numerous unique ways. The length of most litigation and the relative newness of cyber technology means that many of the claims and legal principles governing those claims are still working their way through the court system. The high cost of litigation sends many of those claims to settlement talks without a firm decision to guide future cases.
In the event of a cybersecurity breach, any company with a cyber insurance policy should contact their carrier as soon as possible. One of the first steps the cyber insurance carrier will take is to hire a forensics company to investigate the breach. Digital forensics is one of the more expensive aspects of most cyber claims, with costs typically ranging from $20,000 to $50,000.
There are recognized patterns of higher risk. For example, Hurricanes and earthquakes do catastrophic damage to a specific geographic area. These natural disasters pose unique risks to insurance companies as a result of that history. If an insurance company insures at lot of this type of risk, it can face massive losses and have its financial stability threatened. For this reason, insurance companies try to avoid insuring too many homes or businesses (for this example) in an at risk area for hurricane or earthquake damage. While this helps keep insurance companies financially sound, it can make coverage harder to obtain for those who need it most.
The problem of Social Engineering techniques called Phishing, Whaling, Spear Phishing, Pharming, or Impersonation Fraud has become significant and widespread in recent years. The insurance industry has made efforts to keep these risks in mind for cyber liability policies. Sometimes there is language added that will protect a company, but sometimes communication is added to a basic policy that would not protect a business against these specific risks.
When people think of cyber losses and cyber insurance, they tend to think of privacy breaches. The exposure of personally identifying information and concomitant risk of identity theft, which is followed by notification costs and regulatory fines is a recognized threat. More and more, though, the interruption of day to day business is the highest cost of a breach. These losses can lead to lost sales, lost productivity, reputational damage, and missed deadlines leading to breach of contract.
More and more companies are purchasing cyber insurance as the risks to the company’s businesses from the breach of their networks expand. More companies are also requiring that their vendors and contractors obtain cyber insurance to protect themselves from breaches caused by third parties. As the cyber insurance market place grows, it’s important for companies to know what they get with their cyber insurance policies to maximize the advantage of their purchase.
Ransomware continues to be a popular tool among hackers and cyber criminals. By locking users out of their own systems, these cyber criminals can extort significant payments from companies who risk losing way more money due to the interruption to their business. Traditionally, the number one target of ransomware attacks has been the healthcare industry due to the incredibly time-sensitive nature of their business. Recently however, hackers have focused their attacks on industrial businesses which is bad news for product manufacturers and physical plants.
When people think of property insurance, they often immediately think of buildings – things like houses, retail stores, or warehouses. If they continue the thought further, they may think of additional items of property like furniture or inventory. These items have a very real physical presence, and that physical presence subjects them to potential damage or loss from known hazards like a fire or water damage. Property insurance exists to protect individuals and companies from that loss.