This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Insights Insights
| less than a minute read

Software Not Covered Under Cyber Insurance After Ransomware Attack

In late December, a state supreme court ruled that a cyber insurance policy covering physical loss to electronic equipment and "media" did not cover a ransomware attack that left software encrypted and inoperable. The court ruled both that the software itself is not protected "media" and that the encryption of the software is not physical damage.  

Why It Matters

If your business depends on software, your best bet for protecting against ransomware and other attacks is a multipronged plan. Insurance is important -- make sure you know what is covered -- but so are capabilities such as redundant availability/restore from back-up, appropriate technical security, and training of employees on phishing and social engineering methods. There is no single solution that can prevent an attack, but having a combination of prevention and mitigation strategies can make a cyber event a manageable annoyance rather than a crippling loss.  

The justices rejected the company's argument, saying that while computer software is included in the definition of "media," it is included only when it is "contained on covered media." The justices also held that the policy requires direct physical loss of or damage to that media containing the software for the policy to provide coverage for the software.


data security and privacy, hill_mitzi, insights