On May 7, 2021, a cyber-attack shut down Colonial Pipeline, the largest fuel pipeline network in the United States, for multiple days. The hackers requested nearly $5 million in ransom after the attack. However, according to Reuters, Colonial Pipeline had cyber insurance policies, which may have saved the company from paying the ransom and other expenses associated with the costly cyber-attack.
As cyber-attacks have become increasingly common, many companies have fallen victim. While attackers previously required relatively small amounts of ransom payments, in recent years the ransom prices have escalated to nearly $2 million on average. Due to this increased threat, policyholders should consider obtaining cyber insurance to protect their companies.
Generally, cyber insurance covers ransom costs and other costs associated with ransom or extortion threats, such as the cost to hire a security firm and staff to negotiate with hackers. In addition to ransom costs and expenses, most cyber insurance policies cover more general expenses that occur as a result of the cyber-attack including costs for investigation, costs for legal fees and other professional advice, and costs for overtime salaries for employees. Many cyber insurance policies also cover business interruption losses due to the cyber-attack.
When considering cyber insurance, policyholders should discuss options with trusted coverage counsel in addition to their broker. Cyber insurance is relatively new, and therefore is less standardized than some other forms of insurance. Thus, cyber insurance policies may vary greatly in coverage. Coverage counsel can help policyholders assess their risks and decide which cyber insurance policy is best for them.