{"id":62102,"date":"2022-05-10T14:19:08","date_gmt":"2022-05-10T14:19:08","guid":{"rendered":"https:\/\/www.commvault.com\/blogs\/cyber-insurance-warranties-ransomware-protection"},"modified":"2023-05-05T06:12:06","modified_gmt":"2023-05-05T10:12:06","slug":"cyber-insurance-warranties-ransomware-protection","status":"publish","type":"post","link":"https:\/\/www.commvault.com\/blogs\/cyber-insurance-warranties-ransomware-protection","title":{"rendered":"Cyber Insurance, Warranties & Ransomware Protection: Mind The Coverage Gap!"},"content":{"rendered":"\n

With new threats emerging daily and increasing in complexity and sophistication too, cyber security has become a critical focus for all organisations – with every single company, irrespective of its size and location, at risk of a cyber-attack. As a result, most have started opting for cyber insurance to cover the losses that such attacks may incur, sometimes together with a specific ransomware warranty, catalysed by this type of threat accounting for some 75% of cyber insurance claims (AM Best 2021). Outside of ransomware, cyber insurance can cover areas including extortion demands and remediation efforts.<\/p>\n\n\n\n

But this is a market under strain, with the ratio of losses to premiums earned at 73% in 2021 according to Fitch Ratings and difficulty in diversifying the risk as cyber-attacks have no boundaries. Further, the absence of historical data complicates the capacity for the type of risk forecasting that the insurance industry typically employs to set pricing rates. In combination, this is ultimately threatening the profitability of the industry and thereby the protection it affords – and fuelling rising premium prices for customers too.<\/p>\n\n\n\n

Headline grabbing ransomware warranties are also an area that further investigation and small print reading is required.   What may look an attractive proposition (and often a no brainer) in many cases will never pay out and could lead to dangerous complacency.<\/p>\n\n\n\n

Additionally, clauses around cybersecurity insurance are increasingly tightening, as highlighted by the recent announcement by Lloyds<\/a> of London on coverage limitation, for example its insurance products will no longer cover the fallout of cyber-attacks exchanged between nation-states. Many insurers are also imposing stricter safeguarding requirements, which although helping to support increased levels of cyber security defences, this can also leave some organisations and especially SMB\u2019s exposed, as they are less able to meet the new minimum threshold limits.<\/p>\n\n\n\n

This makes knowing exactly what is covered<\/em> in any policy you have today, or are contemplating purchasing in the future, a business and technology imperative. Companies should know that cyber insurance policies and ransomware protection warranties do not cover every aspect of attacks and in most cases, there will be varying triggers, limits, conditions and coverages for different types of claims which can lead to denial or a reduced claim, creating an expectation and actualisation gap. Education and awareness here is key – you must be fully aware of what is not covered by your cyber insurance today, to avoid any surprises later.  Roy May does a great job of covering exactly this point.<\/p>\n\n\n\n

Let\u2019s explore some of the key issues in turn to support exactly that.<\/p>\n\n\n\n