
Does Cyber Insurance pay in the war on Ransomware? What you can do to ensure your business is protected

Fran Finnegan earned a computer science degree and an MBA. He built a very successful business over 24 years and then lost it all to Ransomware due partly to one password he forgot to change that he had set 24 years earlier. He missed a good few other Cybersecurity measures that could have saved him as well. Right now he is trying to put his business in San Francisco back together, but it has been offline for weeks as he tries to rebuild his database of valuable SEC filing information that he offers to his subscribers.

Mondelez International, an American multinational confectionery, food, beverage and snack food holding company based in Chicago, was hit by the NotPetya cyberstrike in 2017. Their IT systems were down for days and it was weeks before they recovered, resulting in $100 million in losses. The company had business interruption insurance they thought would cover them and took some comfort in knowing the financial effect on the company would be covered. But it was not! When it became known the attack was from Russia, their insurer used a “war exclusion” in their policy to deny the claim. They had been collateral damage in a cyberwar.

Some cyber insurance policies contain wording that requires the insured to “continuously implement the procedures and risk controls identified in the insurance application”. Perhaps you said you had antivirus installed. Did you forget to renew it? Have you ignored all those Windows updates and reboot requests?

Then there is social engineering, “the psychological manipulation of people into performing actions or divulging confidential information”, be that via email or someone giving your assistant (who happens to know your PIN and passwords) too many drinks at the local bar. Claim denied… the information was voluntarily handed over.

Yesterday AIG insurance in the US announced that their cybersecurity premiums have gone up nearly 40% globally. They further said, “We continue to carefully reduce cyber limits and are obtaining tighter terms and conditions to address increasing cyber loss trends, the rising threat associated with ransomware and the systemic nature of cyber risk generally.”

The consensus is certainly not to pay the ransom, and I think that is correct, but premiums are on the rise and the terms are going to get stricter. It does mean companies need to act more responsibly in protecting their data and systems. In my book “Email Hijack”, I cover many details about how email is one of the biggest threats to a business and how to ensure you are protected from that and other threats.

The trend is clear. Insurance is no longer the best way to protect a business from cyber threats. You need not just good Cybersecurity but the best Cybersecurity. Good only blocks 90% of cases, and with a cyberattack occurring every 39 seconds somewhere in the world, the risk is just too great.

The most notable recent local case of Ransomware was the Waikato DHB, and the effect on people’s lives from that has been traumatic. The effects continue to be felt months later, with health backlogs and private information from patient records being ransomed and released online.

What data do you have on your IT systems? How would your business be affected if you lost all that data? How would your business be affected if private and confidential information of your clients was made public? What about emails you have exchanged?

Get expert IT help on these issues now by contacting us on 07 222 0091 or by using the Contact us page on the menu.

With thanks to

