To print this article, all you need is to be registered or login on Mondaq.com.
In late December, a state supreme court ruled that a cyber
insurance policy covering physical loss to electronic equipment and
“media” did not cover a ransomware attack that left
software encrypted and inoperable. The court ruled both that the
software itself is not protected “media” and that the
encryption of the software is not physical damage.
Why It Matters
If your business depends on software, your best bet for
protecting against ransomware and other attacks is a multipronged
plan. Insurance is important — make sure you know what is covered
— but so are capabilities such as redundant availability/restore
from back-up, appropriate technical security, and training of
employees on phishing and social engineering methods. There is no
single solution that can prevent an attack, but having a
combination of prevention and mitigation strategies can make a
cyber event a manageable annoyance rather than a crippling loss.
The justices rejected the company’s argument, saying that
while computer software is included in the definition of
“media,” it is included only when it is “contained
on covered media.” The justices also held that the policy
requires direct physical loss of or damage to that media containing
the software for the policy to provide coverage for the
software.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
POPULAR ARTICLES ON: Technology from United States