Cyberattacks are an increasingly frequent and costly risk faced by almost every business today. While the availability and scope of cyber-specific insurance has developed exponentially over the past few years, it is important to remember that more traditional policies (such as general liability and first-party property insurance) can still be a source for coverage in connection with cyber incidents, as a recent court decision demonstrates.
Every single industry or business in this day and age has either been the victim of a cyber attack or is concerned they will be next. A few examples from the last couple of months show how widespread the problem is. In June, a global ransomeware attack quickly spread across 64 countries, impacting organizations from law firms, banks and governments to food producers and hospitals. The attackers demanded $300 in Bitcoin—approximately $977,000 U.S. dollars in total—from each victim to unlock their data. At the annual DefCon computer security conference in late July, hackers took less than 90 minutes to hack voter-ballot machines and at least one hacker even broke into the system wirelessly, suggesting that U.S. computer-ballot boxes may be susceptible to attack.
The costs and penalties associated with a cyber attack or data breach should not be underestimated. For example, NPR recently calculated the average cost of a health care breach at more than $2.2 million, “not to mention the reputation damage.” And the FCC recently ordered AT&T to pay $25 million in connection with the exposure of more than 250,000 U.S. customers’ information.
On May 12, 2017, a massive ransomware cyber-attack infected over 100,000 computers in more than 150 countries. This malware, a Trojan virus known as “WannaCry,” encrypts files, and then threatens to destroy them, unless the victim pays a ransom. Colleagues Jamie Bobotek and Peri Mahaley opined about this recent attack and stress the necessity to take the time now to review and confirm your cyber-privacy insurance in a Pillsbury client alert.
Out of the blue one morning, a destination hotel’s operator receives an email informing it that the hotel’s computer and electronic key systems have been infiltrated, leaving the hotel locked out of its own computer system and, even more distressing, preventing hotel guests from utilizing their key cards to gain entry to their rooms and other hotel amenities. The email demands payment in the amount of 2 Bitcoin (approximately $1,900) to restore computer and key card functionality, which will double if not paid by the end of the day. The email provides details to access a Bitcoin wallet to make the payment, and then ends by stating, “Have a nice day!”