Nine out of 10 cyber policies are in the US

Which means last week’s cyber-attack may have been woefully uninsured

Nine out of 10 cyber policies are in the US


By Allie Sanchez

A ransomware worm made its way to more than 200,000 computers in a number of countries over the weekend, and while one may dismiss its creators as petty criminals—asking for an average individual ransom cost of $300—its economic implications are significant.

The “WannaCry” ransomware worm inched its way through the systems of hospitals, car manufacturers, telcos, factories, schools and shops, leaving in its aftermath business interruption costs upwards of $4 billion, according to cyber risk modelling firm Cyence.

A Reuters report said that firms in Europe and Asia are particularly vulnerable to another spate of attacks after the worm took a respite towards the tail of the weekend.

“If you’re a hospital that turned away patients, if you’re a global delivery company that can’t send a package or a telecom company in Spain, Russia or China, the financial statement impact from the business interruption is much larger than the $300 (ransom),” Kevin Kalinich, global head of Aon Plc’s cyber risk practice, said in the report.

Kalinich further said that US companies are most prepared for such events as nine out of 10 cyber policies across the globe were taken out in the country.

Bob Parisi, US cyber product leader for insurance broker Marsh, explained that the market is more mature because regulations, specifically state breach notification laws, have been in place for the past 10 years.

The weekend incident is expected to be another lesson learned for insurers as they study more carefully which risks to assume as well as the language they use to define coverage and exclusions, the report added.

“They will want to pick the companies that are most prepared,” Kalinich observed. He further noted that other firms will be qualified for coverage but insurers will be more meticulous about exclusions moving forward. 

For instance, he said, insurers may require their policyholders to contact them before paying ransoms in the future.

“There are really important intricacies…” he concluded.

Related stories:
The ever-evolving cyber threat landscape
Smaller financial institutions increasingly cyber-targeted

Keep up with the latest news and events

Join our mailing list, it’s free!