A recent rise in ransomware attacks has posed a problem for organizations that haven't invested in cyber coverage, according to Reuters.
Here are four things to know.
1. Many companies do not purchase cyber insurance, since they have not been targeted by cyberattacks in the past. These policies tend to be expensive; one insurer told Reuters it charges $100,000 for $10 million in data breach insurance. Cyber insurance is most common in the U.S., which encompasses 90 percent of global cyber insurance premiums between $2.5 billion and $3 billion.
2. To address this issue, organizations without cyber insurance have been turning to kidnap, ransom and extortion policies to cover damages from ransomware, which holds systems and files for ransom. American International Group, Hiscox and the Travelers Companies, for example, have received ransomware claims in recent months, according to Reuters.
3. Policies that cover kidnapping and ransom, also called K&R policies, are typically established to account for threats to human lives. Organizations that operate across multiple countries are most likely to hold this type of coverage, since their staff may work in areas prone to violence, Reuters reports.
"There will be some creative forensic lawyers who will be looking at policies," Patrick Gage, chief underwriting officer at the specialist commercial insurer CNA Hardy, told Reuters.
4. However, K&R coverage is not as comprehensive as cyber insurance, as "pay-outs are usually lower than for a cyber policy," according to Reuters. Since K&R policies were not designed for ransomware, it's also possible an insurer won't cover it.
"Our absolute preference is that people buy specific cover, rather than relying on insurance coverage that is not specific," Mr. Gage told Reuters.