Businesses that have not purchased cyber insurance policies are looking to alternative coverage for WannaCry losses.
Companies without cyber insurance are reportedly making claims through their ransom, extortion and kidnap insurance policies in the hopes of recouping losses from WannaCry and other ransomware.
The issue is that cyber insurance can be costly and businesses operating outside the U.S. rarely buy it.
Aside from the expense associated with cyber insurance, many companies don’t think to buy it as they don’t feel that they would be the target of this type of attack or data breach. When those companies find themselves to be victims of cyber attacks like the recent WannaCry disaster that froze out over 200,000 computers across over 150 nations, they look to their extortion, ransom and kidnap insurance.
That said, the payouts businesses are receiving through their kidnap insurance isn’t as high as cyber coverage.
According to CAN Hardy, specialist commercial insurer, chief underwriting officer, Patrick Gage, stated that “There will be some creative forensic lawyers who will be looking at policies.” He also pointed out that the kidnap and ransom policies are meant to be used when a person’s life has been threatened. “Our absolute preference is that people buy specific cover, rather than relying on insurance coverage that is not specific.”
Travelers Companies, Hiscox Ltd and American International Group (AIG) have all reported the receipt of claim filings on K&R policies for recent ransomware attacks. Moreover, those companies have all said that this is a growing trend. That said, out of confidentiality and security for their clients, those insurance companies declined to comment on the total number of claims they have received.
A spokesperson from Hiscox did say that “We are seeing claims (over the past 18 months) but not a huge uptick,” and that “These are within expectations and entirely manageable.” She did not, however, say whether the kidnap insurance claims had to do with the WannaCry ransomware attacks. As a result, many in the insurance industry expect that insurers will be looking into their policy language for greater specificity into the perils included in the coverage.