Posts

Showing posts with the label cyber insurance

Cyber Insurance paid to pay Ransomeware: Case Study & Case Law

Image
A Canadian insurance company infected by ransomware virus paid off the cybercriminals using its cyber insurance policy. Their British reinsurers, having to disburse 109.25 Bitcoins, wanted it back from the blackmailing cybercriminals. After infection, the unnamed Canadian company suffered a total lockdown of all of its systems and asked its reinsurance firm to pay the ransom so it could get back on its feet. Paying off blackmailers holding a company to ransom is never advisable, many a time it is against the local law. Despite a negotiation that made criminals bring down their initial demand of $1.2m to $950k, the decryption tool provided had to be run on each and every affected device on the company's network. It took five days to decrypt 20 servers and "10 business days" to unlock 1,000 desktop computers. Neither company was going to pay out and forget the incident. The English reinsurer hired Chainalysis Inc, a "blockchain investigations firm...

Can GDPR Fines be covered under Cyber Insurance in India?

Image
Can GDPR Fines be covered under Cyber Insurance coverage in India? By Prashant Mali,  Cyber Law & Privacy Expert. Cyber policies usually grant cover for civil fines provided that these fines are “ insurable at law ”. Where insurance for fines and penalties is available, this is usually as part of an operator’s general liability policy, although, as set out above, there is no general rule and some such policies routinely exclude such cover). In addition, prudent directors of port and terminal operators who are faced with the possibility of personal exposure to civil fines will take steps to ensure that their D&O policy will cover them if they are investigated personally.  Example Policy Terms Insurance coverage is available for fines and penalties. A popular form of cyber insurance includes, as an item of covered loss: [C]ivil fines or penalties imposed by a governmental agency and arising from a Regulatory Action, unless the civil fin...