To Pay or Not to Pay: Does Your Insurance Policy Cover Ransomware Losses?
Abstract
Ransomware attacks are a rapidly growing threat against organizations. Paying ransom demands is a risky proposition and may even lead to sanctions against the targeted company. Either way, the damage to a company’s operation and integrity can be cripplingly severe. Should a company suffer losses from cyber extortion, its insurance company will be one of the resources it turns to for relief. But with cyber
coverage increasingly out of reach for some, policyholders may find coverage in more traditional coverages. In this article, the author evaluates the potential for coverage under several policy types, and underscores the importance of understanding policy language, the relevant law, and the potential regulatory ramifications of meeting ransom demands.
Author
Pamela D. Hans (phans@andersonkill.com) is the managing shareholder of Anderson Kill’s Philadelphia office. Her practice concentrates on insurance coverage exclusively on behalf of policyholders. Pam is also a member of the firm’s COVID Task Group and Cyber Recovery Group.
About
The Journal on Emerging Issues in Litigation is a co-production of HB, Fastcase, and Law Street Media. You can also hear the complementary (and complimentary) Emerging Litigation Podcast wherever podcasts appear. For questions, contact Tom Hagy, Editor in Chief, at Editor@LitigationConferences.com.