Two Recent Rulings on Insurance Coverage for Ransomware Attacks
Two recent cases highlight issues that every New York business should consider in evaluating coverage under crime policies for cyber crime and cyber risks.
In an all too familiar scenario—a business email compromise scheme—a malicious actor poses as a top-level executive and directs an employee via email to wire money. The alleged purpose of the wire could be to pay a vendor or to consummate an important deal. Deceived by the imposter, the employee complies and wires the money as requested. Soon thereafter, the funds disappear, and the business is left bereft of funds and scrambling for solutions.
In another tragically common scenario—the “pay us or else” ransomware attack—a threat actor surreptitiously enters a business’s computer system posing as an authorized user, installs its own code on the system (i.e., swaps out the locks for its own and to which only it has the keys), and then locks the system. The threat actor then reveals itself and delivers its message: “pay us or else.” Even if the business were to pay, which is not recommended, the company’s data may be corrupted or the threat actor may remain in the company’s systems.
This premium content is locked for
Insurance Coverage Law Center subscribers only.
Start a free trial to enjoy unlimited access to the single source of objective legal analysis, practical insights, and news for the insurance industry.
- Access the most current expert analysis and daily developments across jurisdictions
- Solve complex research issues with expert tools and intelligence
- Tap into insurance coverage expert guidance
Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.