Ill-prepared firms resorting to kidnap insurance against ransomware attacks

In the absence of cyber cover, some companies are looking for alternate ways to recoup losses

Ill-prepared firms resorting to kidnap insurance against ransomware attacks

Insurance News

By Gabriel Olano

Companies without cyber insurance protection are turning to their existing kidnap, ransom, and extortion insurance policies after being hit by ransomware, such as the recent “WannaCry” attack, according to several insurers.

Cyber insurance is not yet widely available outside the US, leaving many firms ill-prepared for cyber attacks. Some companies don’t even consider it as they think they are unlikely to be targeted.

Kidnap and Ransom (K&R) insurance is usually used by international firms to secure their staff in areas where violence and kidnapping is quite common, such as in some regions of Africa and Latin America.

However, some firms that have no cyber insurance have been tapping their K&R cover to make up for losses inflicted by the ransomware. It should be noted that K&R payouts for ransomware could be lower than traditional cyber insurance.

“There will be some creative forensic lawyers who will be looking at policies,” said Patrick Gage, chief underwriting officer at CNA Hardy, told Channel News Asia. But K&R policies are designed with threats to lives in mind, making them ill-fitted for protection against cyber attacks.

“Our absolute preference is that people buy specific cover, rather than relying on insurance coverage that is not specific,” Gage added.

With the increasing threat of cyber attacks, K&R insurers could be facing more claims than they are prepared for. In turn, they may respond by amending their policies, which are not designed to handle ransomware.

Related stories:
Indian insurers on the hook following ransomware attack
Cautious approach needed on cyber: Ratings firm
Massive cyber breach “a wake-up call,” says expert

Keep up with the latest news and events

Join our mailing list, it’s free!