Cyber Insurance & Backups: Use it or Lose it
I'm the guy that actually reads the insurance policy text. So, our policy renewal arrives in the mail yesterday and I read it.
The part about "Cyber Protection" catches my eye - we are in that business after all. Intact, our insurer, offers a program they have trademarked called "my Identity". Among other things it includes up to $25K for Cyber Protection. What's that?, you might well ask….
Ok, so what is considered a 'cyber-attack' - we know what a 'car accident' is, we know whether or not a tree falling through the front porch in a wind storm is covered - but what defines a 'cyber-attack'?.
The definition answer might be in the "expenses" they say they will cover.
You get a virus, malware, infection on your home computer, or your mobile phone or your WiFi router gets screwed up - by an 'attack' either software or a person. It seems to me, the expert in technology, but not an expert in insurance adjustment or insurance law, that I now have an insurance policy that will cover the costs when I get a computer virus and have to shell out dough to get the device cleaned up, re-installed and my data restored from backup.
Huh.
I expect that, just like a car accident, the insurance adjuster has to get involved and approve the planned expenditures.
I expect that each insurer will have an approved list of vendors that they will accept.
I expect getting reimbursed won't be a walk in the park on a sunny Sunday afternoon - 35 years of working with lawyers and insurance companies had given me certainty in that regard.
But nonetheless….you have three kids, each with laptops, iPads, smart phones … and stuff happens. Sure they are careful - what kid isn't? But sometimes their stuff gets infected. You are the one schlepping to Best Buy and lining up at the Geek Squad booth, or the trying to get an appointment with the Apple Geniuses.
Sometimes even your own stuff gets infected. Sometimes the stuff on your computer is important and you actually back it up so you won't lose it. Well, cleaning and restoring appear to be a covered expenses. Nice.
Thank you insurance company.
So what is cyber extortion? - Same as regular extortion. We have taken away your access to something and, if you pay us, we might give it back.
The bad guys take away your access by somehow running an encryption program on your system or your data storage. Somehow means either they tricked you into running it or a malware program found its way onto your computer and ran itself.
The text of my policy clearly says that the insurance company WILL NOT PAY THE RANSOM.
But, they will pay for the cleanup of your system(s), restore from backups etc. It is better than a kick in the head.
Note to self - if you don't have backups and you do get hit by a cyber extortion - you are an unhappy camper. Encrypted data is lost as far as the insurance company is concerned - they will not pay the ransom to unlock it. So backups are your only path to get your data actually back.
Whether it is a cyber-attack or cyber extortion you are in a situation like a car accident. Get your insurance company on the phone while you are standing at the side of the highway and tell them you have had a problem. Maybe they can help.
Be careful out there.