Lawcovernotes December 2017

New insurance solutions for ‘Bad Rabbits’ and other cyber risks

First response insurance to protect law practices against cyber risks

“Bad Rabbits” and other ransomware

A new strain of ransomware called ‘Bad Rabbit’ emerged in late October and spread rapidly across the internet. Bad Rabbit, like other ransomware, is a form of computer virus that encrypts the contents of a computer until a ransom is paid (or so the user is told). In this case the ransom was 0.05 bitcoins, which equates to about $300. Bad Rabbit is similar to the ‘WannaCry’ and ‘Petya’ outbreaks that crippled numerous computer networks globally, including a number of high-profile companies and law practices, earlier in the year. Two days after it was first identified, Bad Rabbit was still undetected by the majority of antivirus programs (according to BBC Tech) and remained an ongoing threat. The malware was distributed via a bogus Adobe Flash update.

Bad Rabbit is a novel example of a more insidious and increasing threat. It is not just big corporates that are at risk; so too are small to medium enterprises, including law practices of all sizes. Any person or entity that is linked to the internet is at risk.

The insurance market has responded to these new risks and their impact by offering tailored and responsive products. Whereas more traditional insurance products like property or professional indemnity policies respond to the aftermath of an event, cyber risk insurance is designed to activate as soon as the risk is identified. The insurer will partner with its insured to combat the risk and prevent loss, and address any consequences that cannot be avoided by immediate intervention.

Integral to cyber insurance cover is immediate access to a response panel

To continue the Bad Rabbit example, if the victim of a ransomware attack has a cyber policy in place, the policy response would be immediate:

• On being confronted with a frozen network and the ransom demand, the insured would call an emergency number monitored by a response team consisting of experienced lawyers (“breach counsel”).

• Once cover is confirmed, the response team would triage the claim and assess the need to engage relevant experts. In the case of ransomware, the policy would fund (subject to an excess) a team of expert IT security consultants to identify and combat the malware. At the same time, the IT security consultants would work to protect and store the insured’s data and return their network to normal operations.

• In an acknowledgment of the realities of cyber threats, the policy may also respond to the ransom demand. Ransom will only be paid with the insurer’s consent and after breach counsel advise that it is an appropriate course in all of the circumstances, including obligations at law. If it is determined to pay the ransom, the IT security consultants would source the bitcoins (or other cryptocurrencies) and handle payment.

For public policy reasons and to protect their own interests, insurers very seldom authorise the payment of ransom. Many attacks rely on dated malware that can be purchased on the internet. The IT security consultants often have the keys to these older variants and removal takes a matter of minutes. Where more destructive strains are in issue, the IT security consultants will usually isolate the infected parts of the network and rebuild those elements from backup.
