According to the FBI, billions of dollars are lost every year repairing computer systems and networks hit by cyberattacks like ransomware. The 2019 Internet Crime Report notes that in 2019 alone, the FBI’s Internet Crime Complaint Center received 467,361 complaints of cybercrime with reported losses exceeding $3.5 billion. While the number of ransomware attacks has declined sharply, the amounts demanded in such attacks has increased. For example, BleepingComputer recently reported seeing ransom notes for the Ragnar Locker ransomware, which targets software commonly used by managed service providers, with demands ranging from $200,000 to about $600,000.
Some insurers selling cyber insurance offer to pay a ransom demand, which theoretically should allow the policyholder to get their data back. But what happens if you don’t have cyber insurance or the funds to pay the ransom? What if you pay the ransom and the criminals renege? If your computers and network are slowed but otherwise operable, will your traditional business owners’ insurance policy pay to replace the damaged computers and network?