Monday, June 14, 2021

To pay or not to pay, that is the ransomware question


The ongoing debate as to whether insurers are prepared to, or should, underwrite ransom payments and demands by cybercriminals continues to exercise the market. The paper explores the risks attaching to this muted shift in market practice, with specific reference to the potential impact on cyber BI claims and the ability to mitigate overall exposure.

In the GB Cyber Market Conditions Report 2021, cyber-related business interruption (BI) was the coverage that buyers were most interested in purchasing, at 68%. Cyber extortion/ransom was second in this list at 61%. The correlation between these two heads of cover is well known, with disruption to operational activity now being a core modus operandi for threat actors, whether that be through decryption, DDoS or stealing of data and/or intellectual property.

Some commentators have already expressed an opinion that the current “normal” coverage, whereby insurers provide cover for ransom payment, provides a platform for threat actor activity, as the insured has little to lose by paying a ransom quickly. The risk is transferred and, if they are fortunate and the decryption keys supplied by the criminals restore data and files quickly, then they and insurers gain by mitigating any BI loss. Clearly, even under the current coverage, insurers and the insured must satisfy themselves that paying the ransom makes economic sense (no point in paying a $3m ransom to reduce BI costs by $1m), but even if the initial ransom demand is not economically viable, this can often be negotiated down by professional negotiators to create a scenario whereby the payment may be economically justified.

The risk attaching to no longer covering the ransom payment will be that, in practice, it will be difficult, if not impossible, for the insurer to have any direct input into whether or not the ransom should be paid because, if specifically excluded, the payment now represents an uninsured loss. Consequently, the insured will want to base the decision on whether or not to pay the ransom on the business case alone, which may place the insurer and the insured at odds. Let’s look at a worked example to see how this might play out.

ABC Ltd (the insured) suffers a cyber-attack and has a three-month maximum indemnity period. Hackers have demanded £1m for a decryption key.

The insured estimates that their BI loss will amount to £2m if they pay for the decryption key and are able to quickly restore their files and relevant data. If no ransom is paid, they estimate their BI loss will be £4m as it will take longer to restore files and data. Under the current status quo, the ransom would be paid by insurers and insurers’ total liability will be £3m (£2m BI + £1m ransom) as opposed to £4m if no ransom is paid.

If the insured is responsible for the ransom payment/cost per a specific exclusion, would they be contractually or legally obliged to pay the ransom? From their point of view, there is little point in paying the ransom as the increased BI costs arising from not paying the ransom will be the liability of insurers. If the insured pays the £1m ransom they will potentially be out of pocket by £1m. In such a scenario, insurers would clearly want the ransom to be paid as their liability for the BI loss reduces from £4m to £2m. Could insurers use the argument that the insured has a duty to mitigate their loss and thus is required to pay the ransom? One can certainly see this argument being used but, of course, real life bears little similarity to worked examples. The truth is that in the early aftermath of a cyber-attack, both insurers and the insured will find it difficult to estimate the potential BI loss if the ransom is paid/unpaid, so it would be totally understandable for an insured to inform insurers that they don’t believe payment of the ransom is economically justified, decide not to pay it, and then find several months later that the eventual BI loss is far greater than initially estimated.

A corollary of this is that the early involvement of forensic accountants to estimate potential BI exposure under various payment and non-payment scenarios becomes crucial. There may of course be other reasons for non-payment of the ransom aligned to the threat actor profile, sanctions checks or moral concerns. Research has also shown that companies who do pay a ransom are often attacked again at a later date as cybercriminals are now aware that they are a soft target or “payers”.

Given the above, it seems probable that an insured will only be keen to pay a ransom where the BI loss outside the indemnity period (and consequently uninsured) is estimated to be reduced by an amount exceeding the ransom payment. It therefore seems certain that the exclusion of ransom payments by insurers may create a situation in which an insured is unwilling to pay a ransom even though payment will substantially reduce the liability of insurers. One questions whether, ultimately, insurers will be obliged to make a “contribution” towards a ransom payment where they are the principal beneficiary even though this is specifically precluded by the policy.

There is of course a precedent for such an arrangement. In the food industry, supermarket suppliers who are unable to fulfil orders due to an insured event, such as a fire, are often hit with large “penalties” by the relevant supermarket chain. These are to compensate the supermarket for having “empty spaces” on shelves and allegedly losing sales although in reality alternative suppliers are often given a trial in such situations. Although there is usually no legal or contractual obligation to pay such a “penalty”, payment is often made to safeguard the future relationship with the supermarket. As penalties are almost always specifically excluded in most BI policies, insurers have no reason to indemnify the insured for such a payment. However, in practice, insurers often make a substantial contribution to the payment of such penalties as their own BI exposure will be significantly reduced by such payment. It remains to be seen if the exclusion of ransom payments will result in a similar sort of arrangement between insurers and the insured being arrived at.

A further possible consequence of such a move by an individual insurer is that cybercriminals will merely focus on companies whose cyber insurance policies cover the ransom payment. Cybercriminals unfortunately often gain knowledge of their target’s insurance policy so this would not be a difficult step for them to take.

In conclusion, this is clearly an innovative and positive step in the fight against cyber-crime, but it may give rise to some unintended consequences which will need to be carefully monitored and managed to avoid a potential increase in Business Interruption exposure.

To find out more about Crawford’s cyber expertise visit https://www.crawco.com/services/cyber-risk
