The WannaCry Affair: Three Cyberinsurance Related Tips for Clients

Author:Mr Saad Gul and Michael E. Slipsky
Profession:Poyner Spruill LLP

As we previously noted, a recent ransomware attack crippled over 75,000 computers in over a 100 countries. The "WannaCry" appears to be the largest Ransomware attack to date. However, cyber-experts are already warning of a second, bigger, wave.

Organizations are scrambling to respond to the increasingly ominous threat. However, in our experience, one aspect is frequently overlooked in incident response plans: insurance. Any cyber contingency exercise should factor in the role of insurance. There are three reasons.

First, many policies carry a reporting requirement. Insureds must report the incident, even if coverage is not available. Failure to do so runs the risk of forfeiting future related coverage e.g. in a subsequent Directors & Officers Liability claim arising out of the same incident. For certain "claims made" policies, failure to report a previous incident can void coverage in later policies.

Second, insurers are increasingly offering free or steeply discounted cyber assistance: the digital counterpart to the "preventative medicine" model. Even if an organization has not experienced an incident, it should utilize these resource. A insurer's practiced eye can identify easily rectified issues - an exercise that could avert a potential catastrophe down the road. Since the personnel detailed to this task specialize in constantly evolving...

To continue reading