By Asher de Metz
When you read about the legal battle between food manufacturer Mondelez and its insurer, Zurich American Insurance, it really makes you stop and think, “What is the point of cyber insurance?”
Back in June 2017, Mondelez was among the international corporations hamstrung by the NotPetya ransomware. The attack took out 1,700 of the company’s servers, 24,000 laptops and left it with over $100 million in damages.
Mondelez filed a claim with Zurich, citing the policy covers loss brought about by the “malicious introduction of machine code or instruction.”
In June 2018, after the White House had attributed the attack to Russia’s continued attempt to destabilize Ukraine, Zurich rejected the claim based on an exclusion in the policy that says it doesn’t cover loss stemming from “hostile or warlike action in time of peace or war … by any government or sovereign power, military, naval or air force, or agent or authority of any party specified above.”
Mondelez responded by suing Zurich for $100 million.
This leads us back to our original question – what is the point of cyber insurance? The answer is actually quite simple: Cyber insurance is important, but you should also do everything in your power to avoid ever filing a claim. Here’s what every company should do before buying cyber insurance.
Do not become disillusioned because of what’s happening between Mondelez and Zurich. Having cyber insurance could make the difference between a small company going belly up after an attack and living to fight another day. Cyber insurance is about protecting a company from a major loss. That cannot be overlooked.
However, just because cyber insurance is essential, doesn’t mean it should be your first or only line of defense. Instead of focusing on the potential financial implications of a cyberattack, turn your attention to the steps you need to take to prevent an attack to begin with.
Mondelez is just one global organization caught unaware by ransomware. Merck, Maersk, FedEx, and even England’s National Health Service (NHS) are just a few of the companies that have been hobbled by WannaCry, NotPetya, and other ransomware. Yet defeating ransomware is relatively simple if the right systems are in place.
Before you become the next victim, take care of basic security measures by doing the following:
There’s nothing wrong with getting cyber insurance. In fact, it’s probably a good idea. Make sure you know exactly what’s in your policy, play close attention to the fine print and be thorough and diligent while examining all documentation. But before taking that measure, turn your attention to the most important precaution of all: basic security.
If you don’t make sure that all your “windows and doors” are properly locked, insurance won’t matter. Remember, there’s no reason to risk putting your fate in someone else’s hands when you have the power to prevent disaster from the start.