Historically, companies have focused on potential losses arising out of cyber events impacting personally identifiable information.  The nature of this dialogue has begun to change with catastrophic losses suffered as a result of the 2017 ransomware attacks, and in particular the petya and non-petya attacks.  Global ransomware damages are expected to exceed USD5 billion in 2017, and to worsen in 2018.

Extortion demands stemming from ransomware attacks are typically very small – less than $5,000, and oftentimes even less than $500.  Rather, the majority of losses resulting from ransomware attacks comprise of the cost to restore/recover the data and income loss suffered while the company is trying to restore its data.  Even if a company pays the ransom and obtains the decryption key, restoring data is oftentimes a messy and time consuming process, and we are seeing more situations where a company's data cannot be fully restored. 

Given that most companies are highly dependent on electronic information and computer systems, business operations are oftentimes severely impacted during data restoration process, with some companies' operations coming to a grinding halt.  Downtimes of one to two weeks, which are not uncommon in the ransomware world, could have a meaningful impact on a company's bottom line.  We expect more companies, and in particular companies who do not have significant amounts of personally identifiable or sensitive customer information, will begin to buy cyber insurance not for the data breach coverage, but for business interruption coverage.

You can read the rest of our insurance predictions here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.