Ransomware is one of the rising scourges of the business world, with approximately 50% of U.S. companies reporting being hit with a ransomware attack in the past year, according to a recent study. According to the FBI, a 2016 ransomware type that uses unbreakable key-based cryptography compromised an estimated 100,000 computers a day. New ransomware variants are appearing constantly, and companies need to prepare for the possibility of being victimized by this particular type of cyber-attack. The FBI, as well as other security professionals, has recommended a widely accepted, multifaceted preparation strategy—which includes having key insurance coverage in place—that reduces risks and decreases recovery time. An overview of this strategy, authored by Orrick’s Darren Teshima and Aravind Swaminathan, appeared in Law360.
Cyber criminals posing as company executives have successfully made off with millions from company coffers by tricking company employees into sending them the cash. Insurers are increasingly taking the position that this type of fraud is not covered under cybercrime policies.
As we recently discussed in a client alert, in a “Business E-mail Compromise” or “BEC” scam, criminals identify and target employees at a company who are responsible for transmitting the company’s money. An impostor then poses as a high-level executive and contacts a mid-level employee via e-mail, directing that employee to transfer company funds to an external bank account (usually overseas). By the time the employee—or the company—realizes that this “boss” is not his or her actual boss, the funds are long gone. According to the FBI, BEC scams have claimed nearly 2,000 victims and almost $215 million since 2013. While it would seem that the losses stemming from such a scam should fall squarely within a company’s cybercrime policy, insurance companies may disagree.