Businesses are being urged to study the small print of their cyber insurance policies after reports that leading provider Hiscox is refusing to cough up for millions of pounds’ worth of damage caused to top law firm DLA Piper by the 2017 NotPetya ransomware attack.
The malware exploded across the world in July 2017, taking out computers at firms including TNT Express, WPP, Mondelez International and Reckitt Benckiser, with system meltdowns wreaking havoc across their operations.
The attack reportedly wiped out DLA Piper emails and telephones for 3,600 lawyers in 40 countries for two days, preventing them from accessing documents, which in turn meant they had to postpone work, including on court cases. The legal firm represents many of the world’s top brands, such as Apple, Pfizer, Ford, GE Healthcare, Sony, Citigroup, JPMorgan Chase and Adobe.
According to The Times, DLA Piper is now bringing a case against Hiscox – whose strapline boasts “expect the best” – for refusing to pay out on the claim.
A source close to the law firm told The Times that Hiscox may have blocked payment because of a “war exclusion” in the law firm’s cover. The exclusions are built into insurance policies in order to protect insurers in the event of an act of war such as an invasion or terrorism, which could lead to a number of expensive claims.
However, a source close to Hiscox said that the dispute centred on the type of insurance cover the law firm had. Both DLA Piper and Hiscox have declined to comment.
The case is thought to be one of the first major legal disputes in the UK over recovering the costs of a cyber attack.
One cyber security expert said: “This case will make businesses want to examine their insurance policies extremely closely. Insurance policies have very specific requirements around how a company has to behave in the event of a cyber attack, which often boards forget about in a crisis situation.
“The market for cyber insurance has exploded but companies are treating signing a policy like a tick-box exercise and there is no guarantee they will be able to claim against them, given the rate at which cyber attack risks are changing.”
According to the Cyber Insurance Market Report, published by Allied Market Research, the global market is expected to be worth $14bn (£10.6bn) by 2022, with a compound annual growth rate of nearly 28% during the period 2016-2022.
However, the number of cyber attacks has rocketed in the past 12 months, according to The Cyber Threat Report from SonicWall, which shows that 10.52 billion malware attacks were registered in 2018.
Top tourist attractions hit by 110m data theft attacks
Half of UK firms would pay ransom to avoid GDPR fine
Over 40% of firms suffered cyber breach in past year
Firms warned over new wave of nefarious cyber attacks
TNT Express rocked as cyber attack wipes out $300m
WPP hit as new ransomware attack wreaks global havoc
UK firms ‘leaving themselves wide open to ransomware’