Policyholders and, in turn, cyber insurers have been facing more frequent ransomware attacks. As a result, cyber insurers may try to recoup losses they cover by subrogating against parties that may be responsible for allowing the ransomware attack to occur. Because policyholders are often obligated under their policies to assist the insurers, they should consider the following tips:

  • Policyholders must pay attention to insurance provisions in service contracts with customers and vendors—especially “waiver of subrogation” clauses. If policyholders waive subrogation rights in contracts and do not align those contracts with the requirements of their insurance policies, they risk violating a cooperation clause, which could lead to the inadvertent forfeiture of coverage.
  • Policyholders should document all precautionary security measures they take before an attack and provide immediate notice of a claim to their insurers. This self-protection is critical: in a later subrogation action against a third party filed after the loss, the third party will inevitably try to shift responsibility to the policyholder.
  • If your company is a service provider that has access to its customers’ confidential information, the company should regularly test any notification systems used to alert customers of security vulnerabilities and establish sufficient contingency plans. Even if the customer may not sue the service provider for negligence if the provider’s services lead to a ransomware attack, these precautionary measures may help to defend against the subrogation action that the insurer may still try to pursue.