In the wake of the surge of ransomware attacks in recent years hitting the London and international insurance markets, the Lloyd’s Market Association (LMA) in conjunction with London market insurers, brokers and industry experts has produced a bulletin setting out guidance for handling a ransomware claim incident. Our colleagues Julian Miller and Hans Allnutt provided substantial input to the drafting of the bulletin. A copy can be found here.
Ransomware is malicious software which encrypts files and systems and prevents user access to a computer system. The purpose of a ransomware attack is to encourage payment in exchange for a decryption key to regain access to the computer systems. Furthermore, it is common for the encryption of computer systems to be coupled with data exfiltration and threats to publish or sell stolen data should the victim refuse to pay the ransom. Our August 2021 newsletter contained an article on ransomware and its threats to businesses globally.
In recognition of the growing threat of ransomware and other extortion operations, the bulletin published in December 2021 aims to inform insurers of key considerations when assessing ransomware claims, and provides a structure for insureds and insurers to follow. The primary purpose of doing so is to provide assistance and guidance to a process which involves multiple parties (insured, broker, insurer, breach counsel, forensic investigator and ransom negotiator) and potentially multiple regulators in different jurisdictions so that the key stakeholders are able to follow an agreed framework. One of the many challenges in dealing with these types of claim is that decisions frequently need to be made in short order, which makes advance planning a key element of the process.
It sets out to provide guidance to those tasked with handling a ransomware incident impacting an insured or reinsured and identifies the key issues to be addressed when considering whether or not to engage with the threat actor. The bulletin also sets out specific guidance aimed at insurers’ legal, compliance and claims teams and contains further advice on, for example, the regulatory checks and investigations which should be made in order to avoid falling foul of sanctions provisions. However, Insureds are urged to seek specific advice on the legal and regulatory requirements which are specific to their individual case. In seeking to set out those steps, the LMA aims to assist insureds and brokers in ensuring that ransomware claims are dealt with in a way which avoids conflict over coverage issues.
We are encouraged to see that insurers are already referring insureds and their breach counsel to the guidance which should assist in bringing a degree of structure to the management and settlement of ransomware claims.