Log in
E-mail
Password
Remember
Forgot password ?
Become a member for free
Sign up
Sign up
Settings
Settings
Dynamic quotes 
OFFON

4-Traders Homepage  >  News  >  Economy & Forex  >  All News

News : Economy & Forex

Latest NewsCompaniesMarketsEconomy & ForexCommoditiesInterest RatesBusiness LeadersFinance ProfessionalsCalendarSectors 
All NewsEconomyCurrencies / ForexCryptocurrenciesEconomic EventsPress releases

Companies use kidnap insurance to guard against ransomware attacks

share with twitter share with LinkedIn share with facebook
share via e-mail
0
05/19/2017 | 05:38pm CEST
FILE PHOTO: A WannaCry ransomware demand, provided by cyber security firm Symantec

NEW YORK/LONDON (Reuters) - Companies without cyber insurance are dusting off policies covering kidnap, ransom and extortion in the world's political hotspots to recoup losses caused by ransomware viruses such as "WannaCry", insurers say.

Cyber insurance can be expensive to buy and is not widely used outside the United States, with one insurer previously describing the cost as $100,000 (£76,741) for $10 million in data breach insurance.

Some companies do not even consider it because they do not think they are targets.

The kidnap policies, known as K&R coverage, are typically used by multinational companies looking to protect their staff in areas where violence related to oil and mining operations is common, such as parts of Africa and Latin America.

Companies could also tap them to cover losses following the WannaCry attack, which used malicious software, known as ransomware, to lock up more than 200,000 computers in more than 150 countries, and demand payments to free them up.

Pay-outs on K&R for ransomware attacks may be lower and the policies less suitable than those offered by traditional cyber insurance, insurers say.

"There will be some creative forensic lawyers who will be looking at policies," said Patrick Gage, chief underwriting officer at CNA Hardy, a specialist commercial insurer, in London.

He added, however, that given that K&R policies are geared towards a threat to lives, "our absolute preference is that people buy specific cover, rather than relying on insurance coverage that is not specific".

American International Group Inc, Hiscox Ltd and the Travelers Companies Inc have been receiving ransomware claims from some customers with K&R policies as ransomware attacks become more common, the companies said.

The insurers declined to comment on total claims, citing confidentiality and client security concerns.

"We are seeing claims (over the past 18 months) but not a huge uptick," a Hiscox spokeswoman said. "These are within expectations and entirely manageable."

She declined to say whether the firm had seen any such claims from the WannaCry attacks though Tom Harvey, an expert in cyber risk management at catastrophe modelling firm RMS, said "insurers with kidnap and ransom books will want to look closely at their policy wordings to see whether they are exposed."

A sharp rise in ransomware attacks in the past 18 months has driven companies to use K&R policies to cover some of their damages if they do not have direct cyber coverage or cannot meet initial cyber policy deductible costs, insurers said.

Symantec Corp,, a cyber security firm based in Mountain View in California, observed over 460,000 ransomware attempts in 2016, up 36 percent from 2015, the company said. The average payment demand ballooned from $294 to $1,077, a 266 percent increase.

But as the threat mounts, K&R insurers are at risk from steeper claims than they had anticipated. They are responding by making changes to their policies, which were not designed around ransomware, insurance brokers said.

MORE DAMAGING THEN KIDNAPPING

Most of the computers affected by WannaCry were outside the United States, where companies have been slow to buy cyber insurance. Nearly 90 percent of the world's annual cyber insurance premium of $2.5-3 billion comes from the U.S. market, according to insurance broker Aon Plc.

Global companies typically buy K&R policies without ransomware in mind. But instances of high-tech hacks and online ransom demands can hit a company’s business more than an executive being held hostage.

"If your CFO (chief financial officer) gets kidnapped, the company is going to continue to function," said Bob Parisi, cyber product leader for insurance broker Marsh, a subsidiary of Marsh & McLennan Companies Inc.

"If you get a piece of malware in the system, you might have two factories that stop working. The actual damage is probably greater."

The K&R policies, which typically do not have deductibles, cover the ransom payments as well as crisis response services, including getting in touch with criminal and regulatory authorities, said Kevin Kalinich, global head of Aon's cyber risk practise.

Still, K&R policies may provide only a quick fix since they were not designed for ransomware. Companies can add coverage for business interruption, but the upper limits for pay-outs are usually lower than for a cyber policy, insurers say.

K&R insurers have been adapting to ransomware-related claims - some are modernizing coverage by setting up Bitcoin accounts for clients to speed up ransom payments, brokers said.

But insurers are mindful of their own risks.

Some have added deductibles, said Anthony Dagostino, head of global cyber risk at Willis Towers Watson PLC advisory and brokerage.

AIG has reduced business interruption coverage for K&R policies to a $1 million maximum for cyber extortion events.

"Insurers didn't anticipate there would be this much ransomware activity," said Tracie Grella, global head of cyber risk insurance at AIG.

(The story was refiled to amend the wording on AIG in the penultimate paragraph)

(Reporting by Suzanne Barlyn and Carolyn Cohn; Editing by Carmel Crimmins and Timothy Heritage)

By Suzanne Barlyn and Carolyn Cohn

share with twitter share with LinkedIn share with facebook
share via e-mail
0
Latest news "Economy & Forex"
06:13pNAMA NATIONAL AUTOMATIC MERCHANDISING ASSOCIATIO : COFFEE, TEA AND WATER SHOW REGISTRATION IS NOW OPEN It’s Much More Than What’s in Your Cup Nov. 12-14 in New Orleans
PU
06:12pBoE chief economist votes for rate rise, boosting chance of Aug move
RE
06:11pManulife to cut 5 percent of Canadian workforce in technology push
RE
06:11pU.S. labour market tightening; mid-Atlantic manufacturing cools
RE
06:10pLONDON MARKETS: FTSE 100 Drops As Oil Shares Extend Losses; Pound Rallies On BOE Rate Vote
DJ
06:09pItaly's bonds, stocks tumble as eurosceptics to head key parliament committees
RE
06:08pGALEO JOINS 350 OTHER ORGANIZATIONS AND SIGN SHARP REBUKE TO RYAN’S IMMIGRATION BILL : Does Not End Family Separation
PU
06:08pOHIO AGRIBUSINESS ASSOCIATION : Attend the 2018 Food Industry Risk Academy in Chicago, Illinois
PU
06:03pCOLLIER COUNTY FL : Coffee With A Cop At Golden Gate Dunkin Donuts
PU
06:03pBombardier expects 50 percent market share with revamped CRJ 900 jet
RE
Latest news "Economy & Forex"
Advertisement