Commenting on the global ransomware cyber-attack today, Jack Lyons, Partner, JLT Specialty, said: “This underscores the dangers that one ransomware attack can pose to global cyber security. A single event can have systemic consequences. There is no doubt, following WannaCry and today’s attack, that the volume and severity of these types of incidents is increasing sharply and their threat cannot be ignored.
“Companies must ensure they are fully prepared with detailed plans and systems in place, and will need to conduct a thorough review of their varied cyber exposures of which ransomware is just one. Most broadly-worded kidnap and ransom (K&R) policies may currently cover both the cost of dealing with a cyber-triggered extortion demand, including paying the ransom, and some may also have limited business interruption cover. However, this does not apply to all policies and to fully ensure adequate cover in the event of an attack like this, companies should consider purchasing standalone cyber insurance policies. Aside from the initial response costs, victims may incur many more financial losses including business interruption, liabilities, forensic investigations, and other incident response costs.
“Given the scope of this incident, it will be telling to see how the market responds and whether the nature of risk mitigation strategies and scenario planning will change.”