On Friday, May 12, 2017, a massive ransomware attack infected over 75,000 computers in 99 countries. It is likely that some of our clients have been impacted, and the attack continues to spread.

This malware, called “WannaCry,” locks out users, and threatens to destroy data, unless the victim pays a ransom. The initial ransom demand was $300, to be paid in bitcoins, and it is reported that the demand is increasing. It is unclear whether the ransom payment will buy the freedom of a single computer or an entire network. If the former, the attack may prove very expensive if companies agree to pay the ransom.

Companies impacted by this cyber attack should immediately review their cyber insurance policy if they have purchased one. Many cyber policies offer ransom or extortion coverage, which includes the cost of the ransom payment. Cyber policies also typically provide coverage for the cost of investigating and responding to a ransomware attack and for lost business income arising from the attack.

Timing is very important. Most cyber insurance policies provide coverage only for costs incurred after the insured notifies the insurance company. Therefore, the costs that business are incurring this weekend to respond to the WannaCry attack, including ransom payments, will not be covered unless the business provides notice to the insurance company prior to incurring the payment. Some policies also require that the policyholder inform the applicable law enforcement agency and obtain the insurer’s consent before making any ransom payment. Therefore, despite the urge to move swiftly in response to this crisis, we recommend policyholders understand and comply with the notice provisions of their policies in order to insure to preserve their right to insurance coverage.