Companies without cyber insurance are dusting off policies covering kidnap, ransom and extortion in the world’s political hotspots to recoup losses caused by ransomware viruses such as “WannaCry”, insurers say.
Cyber insurance can be expensive to buy and is not widely used outside the U.S., with one insurer previously describing the cost as $100,000 for $10 million in data breach insurance.
The kidnap policies, known as K&R coverage, are typically used by multinational companies looking to protect their staff in areas where violence related to oil and mining operations is common, such as parts of Africa and Latin America.
Companies could also tap them to cover losses following the WannaCry attack, which used malicious software known as ransomware, to lock up more than 200,000 computers in more than 150 countries, and demand payments to free them up. Pay-outs on K&R for ransomware attacks may be lower and the policies less suitable than those offered by traditional cyber insurance, insurers say.
“There will be some creative forensic lawyers who will be looking at policies,” said Patrick Gage, chief underwriting officer at CNA Hardy, a specialist commercial insurer, in London.