In late December, a state supreme court ruled that a cyber insurance policy covering physical loss to electronic equipment and "media" did not cover a ransomware attack that left software encrypted and inoperable. The court ruled both that the software itself is not protected "media" and that the encryption of the software is not physical damage.
Why It Matters
If your business depends on software, your best bet for protecting against ransomware and other attacks is a multipronged plan. Insurance is important -- make sure you know what is covered -- but so are capabilities such as redundant availability/restore from back-up, appropriate technical security, and training of employees on phishing and social engineering methods. There is no single solution that can prevent an attack, but having a combination of prevention and mitigation strategies can make a cyber event a manageable annoyance rather than a crippling loss.