K&R, cyber policies can cover ransomware hitsReprints
Ransomware coverage is available in both cyber liability and kidnap and ransom policies, although it may take some analysis to determine the best combination of coverage, say experts.
Dan Twersky, New York-based claims advocate and cyber claims leader for FINEX North America with Willis Towers Watson P.L.C., said the brokerage tries to structure the coverage so that a K&R policy, which almost always has no deductible, is the primary insurance, with a cyber policy providing excess coverage.
Adam Cottini, managing director of insurance and risk management in North America at Arthur J. Gallagher & Co. in New York, said he asks his clients to look at and coordinate cyber and K&R coverages in making their purchasing decisions.
“We’re seeing some carriers taking K&R policies” and sublimiting the cyber pieces of the coverage, he added.
“Be careful of that,” because “you might want to purchase” cyber extortion coverage as part of the cyber coverage to take advantage of these policies’ higher available limits compared with those in K&R policies, he said.
“Most K&R policies have historically provided extortion coverage” even before cyber “was on most risk managers’ radar,” said Joshua Gold, a shareholder with Anderson Kill P.C. in New York.
But “lots of people don’t actually buy K&R coverage,” although “it never hurts to have that coverage updated and perhaps expanded in policies,” he said.
And policyholders with K&R coverage should be sure their policies are “written broadly enough to cover some of the most likely extortion claims out there from a cyber context,” he said.
Experts note that ransomware demands generally falls within cyber policy retentions because of the relatively small amount usually demanded.
The real value of these policies is the consulting help they provide, these experts say.