Insure Your Future: Ransomware Insurance

March 11, 2020
Is your integration business in position to withstand an attack?
"Insure Your Future" is a new quarterly column in Security Business dealing with trends in the insurance industry.

Security reports revealed dramatic increases in ransomware attacks in 2019. There have been high-profile attacks against government entities and hospital systems that have made headlines, but no industry is immune. Even small businesses – including security integration firms – have been targeted, and the one in five SMBs who fall victim to attack have a better than 60% chance the attack will put them out of business.

As security professionals, you all know about the problem. A quick Google search or a perusal of the pages of magazines like this one can reveal tips and tactics to avoid being crippled by ransomware. The short list would include keeping software and operating systems updated with the latest patches; never opening attachments in unsolicited emails; and backing up all your data on a separate, offline server or storage device.

Adding Insurance

To protect their own business first, security integrators should take an additional step in the form of insurance. A properly placed insurance program can cover the cost of paying these ransoms and eliminate the need for your organization to obtain cryptocurrency on its own to pay the attackers. Given the significant increase in the amount of currency demanded by hackers, more and more companies are choosing not to pay. With this option, downtime, loss of income and extra expenses can be significant; thus, it is imperative that a company’s insurance program is properly structured to provide as much coverage as possible for business income and extra expense losses.

An organization also has the option to hit the reset button in order to restore and/or recreate its network, which can include the data that was encrypted and replacement of the infected hardware. An insurance program can reimburse an organization for lost income and reputational harm that is experienced during this time of restoration.

Carriers can vary widely in this space. One of the main factors is the definition of “period of restoration” and its trigger. Some policies trigger at the time of an event and last 30 days to 180 days on average; others may have the same timeframe, but the clock does not start ticking until the company is fully operational again. Because getting back to fully operational can take a company in excess of 12 months in some cases, having the period of restoration triggered at the point the company is fully operational again, as opposed to when the “event” is discovered, can mean a difference of millions in applicable coverage.

How much coverage to buy is a dilemma that must be solved on an individual basis. Integrators should use a business income worksheet similar to the one they use for their property insurance to determine what their losses could be. If their systems are locked up for a period of time, how much lost income and extra expense could they incur during this time? That is a good starting point.

Liability Coverage

Beyond protecting the business internally, insurance can also protect an integrator’s business if someone inadvertently infects a customer’s network, in which case, the integrator’s cyber and/or professional liability policy would respond.

“An integrator’s general liability policy will have an exclusion for negligent behavior by the integrator; in fact, there is a cyber and professional liability exclusion in the general liability policy, which is why we require our customers to purchase those two policies separately,” explains Wayne Dean, VP of McGriff Insurance Services.

“Integrators should always review the details and exclusion forms in their policies,” Dean adds. “Additionally, I would always recommend that integrators make sure their general policies also cover work done by their subcontractors, which is one of the biggest mistakes integrators make when purchasing general liability policies. This also goes for their cyber and professional liability policy. Integrators should also seek certificates of insurance from their subcontractors showing they themselves carry the required coverages.”

Erin Burns Walters is an EVP at INSUREtrust LLC, a wholesale insurance brokerage specializing in Cyber Liability.

This article originally appeared in the March 2020 issue of Security Business magazine.

About the Author

Erin Burns

Erin Burns, MLIS, Executive Vice President, Head of Brokerage, INSUREtrust

Erin is an Executive Vice President of INSUREtrust and joined the company in 2019. She is the Head of Brokerage operations and has a specific focus on INSUREtrust’s national cyber & technology clients. As a part of INSUREtrust’s leadership team, she strategizes to help ensure INSUREtrust’s products, services & solutions stay ahead of the market and competition.

Erin has more than 19 years of experience in the insurance industry as a broker for management and professional liability. Prior to joining INSUREtrust, Erin was a National Practice Advisor in the USI Executive & Professional Solutions practice, where she served as an in-house resource and specialized in professional liability, technology errors & omissions and cyber liability lines of coverage. To start her career, she worked as a broker at Marsh USA, Inc. in their FINPRO division for eight years, followed by five years as the Virginia Executive Risk Practice Leader for RCM&D, Inc.

Erin has participated on the panels of various seminars and webinars discussing network security and privacy for all industry classes.

Erin holds a Bachelor of Science in Finance with a concentration in Risk Management and Insurance from Virginia Commonwealth University in Richmond, VA (magna cum laude).

Erin received her Management Liability Insurance Specialist (MLIS) designation in April of 2013.