Cyber Insurance, Cyber Warfare, and Modern IT Needs

Insurance company cites act-of-war to deny ransomware damages claim

You purchased cyber insurance to protect your business, just like you bought health insurance to protect yourself and your family. However, in the same way that health insurance can deny a procedure or medication, cyber insurers may deny your claims for business disruption arising from cyberattacks. 

Security professionals talk about cybercrime as though it’s a war, an ongoing battle against malicious actors. Apparently, insurance companies now agree.

In the Trenches of Cyber Warfare

In October 2018, food and beverage company Mondelez sued Zurich Insurance for the insurance company’s refusal to cover damages from the 2017 NotPetya ransomware attack. The NotPetya ransomware attack permanently damaged 1,700 Mondelez servers and 24,000 laptops. However, unlike most ransomware attacks, NotPetya didn’t demand money for data recovery. Instead, the attack was intended to disrupt companies by permanently making data inaccessible.

In February 2018, the governments of the United States and the United Kingdom denounced the NotPetya attack as a Russian attempt to destabilize the Ukrainian government. Denmark, Lithuania, Estonia, Canada, Australia, New Zealand, Norway, Latvia, Sweden, and Finland would later join the US and UK in calling out Russia as the source of the attack.

Unfortunately for Mondelez, this public announcement led to the current cyber insurance coverage litigation. According to the company, Zurich's coverage denial was based on contract language that excluded "a hostile or warlike act" by any "government or sovereign power." While most General Liability policies include this language, Zurich's use of the exclusion in a cybersecurity policy could be a game-changer for companies relying on their cyber insurance policies to help stand up their IT programs following a cyberattack.

Small, Medium, Large – Your Business Size Doesn’t Matter

The NotPetya ransomware attack impacted businesses across the world. Over the course of the attack, NotPetya encrypted hard drives and overwrote master boot records, preventing computers from loading their operating systems and bringing business to a halt.

Given that a single hour of downtime costs over $100,000, these effects quickly became devastating for organizations of all sizes. In fact, in the 45 seconds it took the ransomware to install itself, NotPetya was able to shut down affected companies for at least a full business day. Based on that $100,000 hourly estimate, an affected business could expect a business interruption loss of well over $2 million in a single day. Following the attack, it was estimated that, all told, businesses suffered $10 billion in damages globally.

That’s Not All

If your business was affected and insured, you might have thought that you’d be able to recoup this cost. The Mondelez-Zurich coverage litigation seems to say otherwise. If courts determine that the war exclusion featured in the Zurich coverage agreement applies to “cyber warfare,” Mondelez won’t be able to recover that business loss. Moreover, this could serve as a precedent for future cyber insurance claim denials.

How to Protect Yourself

Regularly backing up your workstations, servers and hard drives is a proven strategy to protect your data from data loss events, including ransomware attacks. Acronis believes strongly in the 3-2-1 rule of backup:

  1. Make sure you have three complete copies of your data – one production copy and two backups
  2. Keep those backups on two different types of storage media (network drives, external hard drives, tape, in the cloud, etc.)
  3. Always keep one of those backups off-site where it is isolated from any cause of data loss that could destroy the original data and local backups (such as a fire, flood, or malware that can infect your network). Cloud storage is a convenient off-site option.
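
As an added illustration (not Acronis code), the following script audits a backup inventory against the three parts of the 3-2-1 rule above and reports which part each dataset fails. The inventory rows and their field names (`role`, `media`, `offsite`, `complete`) are constructed assumptions for this example, not any backup product's schema.

```python
from collections import defaultdict

# Constructed inventory: one row per copy of a dataset. Field names are
# assumptions for this example, not any backup product's schema.
INVENTORY = [
    {"dataset": "finance-db", "role": "production", "media": "san", "offsite": False, "complete": True},
    {"dataset": "finance-db", "role": "backup", "media": "nas", "offsite": False, "complete": True},
    {"dataset": "finance-db", "role": "backup", "media": "cloud", "offsite": True, "complete": True},
    {"dataset": "file-share", "role": "production", "media": "nas", "offsite": False, "complete": True},
    {"dataset": "file-share", "role": "backup", "media": "nas", "offsite": False, "complete": True},
    {"dataset": "file-share", "role": "backup", "media": "nas", "offsite": False, "complete": False},
]


def audit_321(inventory):
    """Return {dataset: [violations]}; an empty list means the rule is met."""
    by_dataset = defaultdict(list)
    for copy in inventory:
        by_dataset[copy["dataset"]].append(copy)

    report = {}
    for name, copies in sorted(by_dataset.items()):
        # Only complete copies count; a partial backup cannot restore the data.
        complete = [c for c in copies if c["complete"]]
        production = [c for c in complete if c["role"] == "production"]
        backups = [c for c in complete if c["role"] == "backup"]
        problems = []
        if not production or len(backups) < 2:
            problems.append(f"3: need 1 production + 2 backups, found {len(production)} + {len(backups)}")
        if len({c["media"] for c in backups}) < 2:
            problems.append("2: backups are not on two different media types")
        if not any(c["offsite"] for c in backups):
            problems.append("1: no backup is kept off-site")
        report[name] = problems
    return report


if __name__ == "__main__":
    for dataset, problems in audit_321(INVENTORY).items():
        print(dataset, "OK" if not problems else problems)
```
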

When a ransomware attack encrypts your data, it doesn't just remove your files, it keeps you from accessing the critical applications and operating systems your business relies on – causing costly downtime. With a complete backup and recovery solution, you can ensure that your company can withstand even the worst cyberattack and get back to business rapidly.

Keep in mind, however, that hackers recognize that reliable backups can allow users to recover from a ransomware attack, so new strains of ransomware are targeting backup software and the files it creates.

To ensure your backups are protected, you need a solution that includes anti-ransomware technology, including self-defense mechanisms that keep the backup software secure.

Final Thought

As with anything else you might get an insurance policy for, it is always better to avoid damages. Dodging a car accident is preferable to having to repair or replace your vehicle. Diagnosing an infection early is better than a lengthy hospital stay.

And when it comes to protecting your digital assets from online attacks, the only real insurance is effective cyber protection – backup that includes anti-ransomware technology to proactively defeat cyberthreats.

Acronis Backup is the first business backup solution to offer an integrated anti-ransomware defense powered by artificial intelligence. With Acronis Backup, you can stop attacks before they cause damage and automatically restore any affected files — reducing outages and avoiding costly downtimes that can bankrupt your business.