Cybersecurity » How Insurers Can Refuse To Cover Hacker Payments

How Insurers Can Refuse To Cover Hacker Payments

Keyboard in shadows, with a white "thumbs down" image on one of the keys.

April 18, 2023

Insurers sometimes make the argument that paying ransomware or putting out money after falling for an email scam do not constitute “direct lost” and therefore are not covered, according to a post on the Ervin Cohen & Jessup website. The contention of the carrier would be that such losses are “occasioned through some action by the company.” In addition, some policies specifically exclude coverage when “any transfer, payment of or delivery of Money, Securities or Property [is] approved by an Employee…”

There have been cases supporting this type of argument, the writer notes, but more recent cases have been more friendly to insureds. Those include a recent case involving a ransomware payment, and a case where the Ninth Circuit, reversing a district court, held that an accounts payable clerk’s processing of a payment to a scam recipient, at the behest of a party who was impersonating her superior, did constitute a direct loss from fraud.

Share this post:

Find this article interesting?

Sign up for more with a complimentary subscription to Today’s General Counsel magazine.