It happened with lightning speed: on May 29, 2019 an employee of the city of Riviera Beach, FL opened an email with an attachment that contained malware. The attachment infected that computer and began rapidly spreading to others within the city’s network.
The malware crippled the city’s email system and even affected 911 dispatch operations. The hackers demanded $600,000 in ransom to return the data that had been stolen.
What Happened Next?
On June 7, 2019 the Riviera Beach city council voted to pay the ransom of $600,000 in bitcoin to have their data returned. To date it is unclear whether this payment will result in the expected outcome.
Has This Happened Before?
Cities in North Carolina, California, Florida, Maine and Maryland have been hit this year. The most costly ransomware attack to date happened in March 2018: Atlanta, Georgia was almost completely taken down by hackers who demanded just over $52,000 in ransom. The city estimates it has paid over $17 million to repair the damage caused by the attacks.
Ransomware Isn’t Just For Cities
According to the blog Mimecast 92% of organizations experience a ransomware or malware email incident every year. They also report that businesses are down for an average of three (3) days due to ransomware/malware attacks.
The cybersecurity firm Sophos reports that the average cyberattack costs a business $133,000. That’s a large pill to swallow for a business that was down for 3 or more days.
How To Protect Your Business
There are ways to protect your business before and after a cyberattack.
Before: Always make sure that cyber security systems are up to date. Train employees to be on the lookout for suspicious emails. Use virus scans for all downloads.
After: After you have reported the malware or ransomware attack to the proper authorities, contact your cyber liability insurance company.
Do You Have Cyber Liability Insurance?
Cyber liability insurance can be used to protect your business in many ways, but can it protect you in the event of a malware or ransomware attack? If your policy was written to cover these events then yes, it can.
Most cyber liability policies are written on a manuscript form to include the policy coverage lines that you choose. It is important to be sure that your policy covers ransomware or other cyber extortion events. This coverage should include ransom payment, investigative fees and other expenses related to recovering systems and data.
While some Commercial General Liability (CGL) or package policies may include a sublimit for cyber liability, there are drawbacks. The sublimit is often small and the coverage isn’t broad enough to cover every type of cyber attack. Cyber liability coverage will fill in the major gaps left by the CGL policy coverage and helps avoid claims on the CGL policy.
Your Hayes Broker can review your current coverage or help you purchase new coverage to protect your business in the event of an attack such as the ones described above. Call today to find out how we can help.