Chicago partner Kenneth Dort and Washington, D.C. counsel Katherine Armstrong were quoted in an Insurance Business article titled “Have We Finally Got the Message on Cyber Risk?” The article discussed how the WannaCry ransomware attack will impact the cyber insurance business.
Katherine stated, “Surprisingly, insurance companies will likely not face significant losses as a result of the massive WannaCry attack. However, this is because many of the affected entities likely were not insured. Most of the entities affected by WannaCry suffered from one of two vulnerabilities – they failed to run current and supported operating systems, or while running current operating systems, they failed to have current patches and updates installed.”
Ken emphasized that companies that aren’t duplicating their data are likely vulnerable on two fronts.
“In our experience, entities that do not take reasonable steps to protect their data through patching or regularly backing up data would very likely not have gone the extra step to obtain cyber insurance as they are already tightly controlling IT costs,” he said.
“Furthermore, entities that are not updating and patching would probably not be able to pass a baseline audit from a cyber insurance carrier. As a result, cyber insurance would likely have not been a consideration for many of the entities who were victimized by the WannaCry attack. Perhaps the vulnerabilities identified by this attack will motivate companies to improve their internal cyber vigilance so that they can benefit from the protection of cyber insurance.”