Heads-Up Cyber Insurance Does Not Pay out for Human Error

Written By 2Secure Corp


Currently, cyber insurance companies do not cover instances of human error. However, the recent WannaCry ransomware attacks have caught the attention of insurance companies around the globe.

Customers have started to file damage claims yet it is a bit too early to see the malware pandemic’s impact on the insurance industry. For insurers, the main threat regarding WannaCry does not concern any individual infected company, but rather involves overall aggregated risk.

The estimated total financial damage caused by WannaCry in just it’s first four days exceeds a billion dollars, largely caused by the hours of downtime for large organizations worldwide.

Now, cyber security policies are fast-growing in the insurance market, with pundits predicting five billion dollars in premiums by 2020. Organizations are buying these policies so that in the event of a data breach or ransomware infection, they can easily file a claim and get help to recover costs and remediate damages.

But… What About Pre-Existing Conditions?

According to Pascal Millaire, the vice-president of Symantec, insurance companies are noticing the significance of the recent WannaCry attacks.

He warns of the problem of major systemic events, like WannaCry, which could potentially lead to hundreds of claims at one time, grossly overwhelming insurance companies. Similar to medical insurers, cyber insurance companies also try to limit their overall risk, which includes controversial policies regarding pre-existing conditions.

Three Questions to Ask

There are three questions you should ask when shopping for a cyber security policy or when reviewing your existing policy:

  1. Do you know of any vulnerabilities that you have not patched or other pre-existing conditions?
  2. Should an un-patched system be covered under a clause for errors and omissions?
  3. When an employee falls for a phishing attack and infects the network, is that covered?

It’s important to remember that not all cyber insurance companies offer the same level of coverage. That means you should always have your legal department look over cyber insurance policies carefully.

An estimated 95 percent of ransomware spreads through email and social engineering, yet WannaCry exploited a patched Microsoft vulnerability and spread like a worm. Keep in mind that the majority of cyber insurance does not pay out when employee error was the cause of infection.

Looking specifically at WannaCry, Millaire says that it’s too early to tell if it will have a significant impact on cyber insurance premiums in the months ahead. However, he strongly suggests that if your organization is currently looking into purchasing cyber insurance, get quotes from several different companies and carefully analyze each option.

It’s time for security awareness training that simulates phishing attacks, which is extremely effective way to decrease your organization’s risk of ransomware infections.

Get a quote today and discover how it’s simple and affordable it really is. You must start training your users in proper Internet security because if you don’t, the bad guys will.

[gravityform id=”15″ title=”false” description=”false” tabindex=”1″]

Digital War

The One Cybersecurity Strategy You Need to Implement Now to Secure Your Business.

Digital War Book Download


Submit a Comment

Your email address will not be published. Required fields are marked *

More Posts

Cybersecurity Services

Ransomware Attack Simulation

Web Application Security

External Vulnerability Assessment

Internal Vulnerability Assesssment

Penetration Testing

Web Application Assessment

Managed Defense, Discover & Remediate

Working From Home

Email Security

Backup & Recovery


FTC Safeguards Financial Institutions Rule

23 NYCRR 500 DFS Compliance

Get a Free Evaluation

Fast and Easy Ransomware Risk Score Evaluation




Case Studies


Privacy Policy