The LMT Blog

James Keeler

Recent Posts

Ransomware + Data Breach Attacks = Expensive Incident

Apr 28, 2020 11:04:31 AM / by James Keeler posted in IT, Ransomware, Cybersecurity, Email Compromise


The Maze group, which is behind the relatively new REvil/Sodinokibi ransomware, has doubled down on the malicious functionality of their malware. The ransomware now exfiltrates large amounts of live data before encrypting the victim’s systems; and the Maze group threatens to dump that data online if the victims don’t pay. Not wanting to be left behind in how much damage they can do and potential money they can extort from businesses, other cybercriminal organizations are starting to jump on this bandwagon as well, including the LockBit ransomware developers.

This means that whereas before “ransomware was just ransomware” (which is a bad enough crisis for a business), now it also must be considered a potential data breach, requiring all of the costly and potentially embarrassing notifications, forensic investigations, legal costs, and disclosure involved in that process. Also, if you’re in NYS, don’t forget about SHIELD data breach notification requirements.

If you’re not already doing everything you can to prevent these kinds of attacks from victimizing your business, the potential costs of an incident have just increased exponentially. Insurance and good backups are no longer good enough to weather the business disruption of a ransomware incident.


Cyber Insurance Limits: How Much is Enough?

Feb 11, 2020 11:15:20 AM / by James Keeler posted in IT, Cyber-Security, #cyberinsurance, Cybersecurity


In Part I of this two-part series “Cyber Insurance – Have You Read the Fine Print?” we wrote of the importance of carefully reviewing clauses when it comes to your Cyber Insurance policy. If you haven’t read the article, take a look here for some great insight into some seldom-known facts.


Are You Ready for the NY SHIELD Act?

Oct 30, 2019 9:38:45 AM / by James Keeler posted in IT, Cyber-Security



Cyber Insurance Clauses - Have You Read the Fine Print?

Sep 10, 2019 12:12:00 PM / by James Keeler posted in IT, Cyber-Security, #cyberinsurance


A client recently reached out to me about their Cyber Insurance coverage asking if the coverage limits looked reasonable. Since Cyber Insurance is a new insurance product, it’s no wonder that there is a lot of mystery around these policies. Let’s take a look at some insights that can help you ask the right questions and make the correct choices for your business when it comes to Cyber Insurance.

Ransomware attacks and data breaches are all over the news, so businesses are naturally interested in acquiring coverage to help protect themselves financially from these threats. When evaluating Cyber Insurance, most businesses focus on coverage limits. However, the most important step is reviewing the actual policy clauses, not just the coverage limits. You can have a $5 million policy, but if the claims are denied due to unnoticed clauses in the policy, then the coverage limit doesn’t really matter. The devil is in the details.

Key Items to Look for in a Cyber Insurance Policy:

  • Cyber Extortion/Ransomware
    Does the policy only cover the ransom payment, or do you have an option to resolve the incident without paying the ransom and have those costs covered?

  • Data Loss & Recovery
    Are lost productivity/business losses covered in the event of malware erasing your files? Are data recovery costs included in the coverage?

  • Civil Suit Coverage
    Is reimbursement for defending against civil suits brought by victims of fraud or identity theft resulting from a breach of your business’s data covered?

  • Fines & Breach Notification
    Are regulatory fines (HIPAA, NYS DFS, etc.) and/or the costs associated with disclosing, notifying, and providing credit monitoring for victims whose data was lost in a breach of your business data covered?

  • Cyber Terrorism/Act of War Coverage
    If a cyberattack is deemed to be the result of a foreign government or terrorist group’s action, will it still be covered? What is the threshold for this determination?

  • Actual Financial Loss & Remediation and Investigation (value of cash/goods lost due to fraud & IT and legal professional costs)
    Are both of these items included in coverage, is it an either/or, or is only one side of this covered?

  • Exclusions
    Some policies exclude anything that originated from Social Engineering or that might be covered under your general Business Insurance policy. What specifically is not covered under the policy?

Not all policies offer the same coverage and it’s important that you carefully review this new product with your insurance agent to make sure you’re financially protected in the manner you’re expecting. Your Cyber Extortion policy may only cover paying the ransom (which may or may not actually result in restoration of your files) and may not cover the cost for IT professionals (like LMT) to restore data from backups. If that’s the case, you’re gambling that the criminals victimizing you have purchased or written ransomware that can actually restore all your files. There are a large number of reasons the criminals behind the ransomware may not be able to restore the files – see our previous post “Should I Pay the Ransom?” for more details on these.
