For how long will a ransomware attack knock out your client’s operations?

Companies in Canada and the United States can expect one week of downtime as a result of a ransomware attack, speakers said at NetDiligence’s recent Cyber Risk Summit in Toronto.

“A decryption effort, even in the best case scenario, is not an instantaneous thing,” said Michael Phillips, claims manager at cyber insurer Beazley, during a session titled Claims & Losses Update on February 23. “You’ve acquired the bitcoin, you’ve had the forensic investigator go in, and you’re trying to unwind what has been done to you – it’s not an instantaneous thing by any means.”

Madeline Dinnissen, claim director and team lead at Chubb, added that “one week of downtime is horrible, but that’s sometimes what we see in the best case scenario.”

Where cyber coverage is concerned, ransomware is unique because it involves multiple intertwined components – privacy, cyber extortion and business interruption (BI). Regarding privacy, there is a “possibility that the bad guy, in addition to encrypting data, has taken data or otherwise subjected it to unauthorized access of use,” Phillips said. “It’s locking up the data, so there’s the cyber exortion element. But oftentimes this means your systems are down, or your vendor systems are down, and your supply chain is unavailable to you; as a result, the company is suffering a business interruption.”

There are multiple triggers for cyber BI and it’s not always a hacking event, Phillips noted. “It’s also that inadvertent human error, that system failure, that could trigger a cyber business interruption as a loss.”

For cyber BI, “damages are almost more certain sometimes in a business interruption context,” Dinnissen said. Those facing this type of risk will definitely have first-party costs – very expensive forensic costs – but also potentially third-party damages, or claims brought by customers or other victims of the cyberattack. “As a claims adjuster, we keep that in mind when adjusting those claims,” she said.

Mark Greisiger, president of NetDiligence, told delegates that companies with cyber coverage in place “recover much faster.” Insurance companies have “tiger teams that they have already vetted, so the clients are getting access to [those] that have preferred rates in place… and act on a moment’s notice. Talking to forensic accountants who we use to help customers value business interruption loss, they say anecdotally the same thing: having the relationships in place, where you have them upfront in your plan or through your carrier, is key.”