When the bits hit the fan: What to do when ransomware strikes

Submitted by Style Pass, 2021-09-06 18:00:07

Feature When I first became a company chief techie, the finance director patronisingly explained the basic asymmetry of prevention vs cure. Spending money on assets to stop an attack comes out of capex, but spending after the disaster would be up to the insurer, with premiums deducted out of opex. Also, prevention costs reduced current bonuses.

But according to Bill Mew, founder and CEO of Crisis Team, who advises companies on how to escape the hole they are in, if you're expecting cyber insurance to come to your rescue – don't. His experience is that if it is a small claim, you will probably get paid eventually, if only to keep you from complaining too loudly.

The odds are... at least some of your backups have been compromised, since not only do ransomware flingers target them, but it's entirely possible they've been with you for months

However, as we have seen in the case of the insurer Zurich American Insurance Company, which fobbed off damage claims after its client suffered NotPetya ransomware infections, if it's a large claim, there are exclusions that may mean you don't get a payout. Zurich infamously cited an "Act of War" exclusion to its client Mondelez. Yes, really. (In October 2018, Mondelez sued Zurich for breach of its "all-risks" property insurance policy, looking to be made whole for $100m in losses. The litigation is ongoing.)
