United States: Announcing ‘Cyber Insurance Risk Framework,' NY DFS Joins OFAC In Discouraging Carriers From Making Ransomware Payments
Samantha V. Ettari , Daniel Rabinowitz , Arthur Aufses III , Alan Friedman , Austin Manes and Eva Tanna
Ransomware threats and attacks dominated the cyber news cycle in 2020 and into 2021. With the global pandemic and the uptick in remote work and learning, cybercriminals and nation-state hackers have seized on vulnerabilities in data security infrastructures to wreak havoc and to make money — in the form of cryptocurrency. Not surprisingly, the need and demand for cyber insurance are simultaneously on the rise, and insurance policies that provide coverage for the payment of ransomware are of increasing interest and demand. But federal and state regulators are simultaneously focused on ransomware and how to combat its crippling effect on business. To that end, regulators have increased their guidance around the payment of ransomware and generally discourage its payment. This creates a conundrum for companies and their carriers — what to do when critical infrastructure is locked up, data is inaccessible and business interruption costs (and claims) are mounting in the face of a ransomware demand that likely has a deadline before the keys are ostensibly tossed and the data lost — to pay or not to pay? In this alert, Kramer Levin's multidisciplinary insurance, privacy and regulatory team unpacks the most recent regulatory guidance, and particularly how insurance providers should approach ransomware coverage and payment.
DFS Circular Letter
Last week, on Feb. 4, 2021, the New York State Department of Financial Services (DFS) issued new guidance concerning cyber risks ...