On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) and the Financial Crimes Enforcement Network (FinCEN) released advisories addressing financial crime-related risks associated with ransomware and ransomware payments.
While cyber extortion, ransom payments, and OFAC violations are nothing new, the advisories come at a time when ransomware losses are at an all-time high. The McGriff claims team has seen cyber claims rise year over year by 143%. More evidence:
Especially when you consider the reality of remote work prompted by the pandemic, it’s clear that ransomware is an increasing threat to businesses and an opportunity for bad actors.
While the OFAC advisory may not drastically change the decision on whether or not to pay a ransom demand, it does raise awareness around the diligence process, incident response plans, and insurance considerations that are critical to ensuring a payment is not made to a person or organization on the Specially Designated Nationals and Blocked Persons List (SDN). OFAC may take into account the adequacy of a company’s OFAC compliance protocols when determining the severity of a fine or penalty for payment to a prohibited person—and also may not have the flexibility to make exceptions on payments to sanctioned organizations, even if doing so is critical to the survival of the business.
Proactive measures to address OFAC compliance in a ransomware incident
The OFAC advisory does not address cyber insurance policy coverage, but consider the following for a more positive outcome following a ransomware attack:
What’s ahead in the cyber insurance marketplace
The increase in ransomware, cyber extortion, and resulting losses has had a hardening effect on the cyber insurance marketplace. While increased scrutiny around ransom payments and perhaps a more aggressive expansion of the OFAC-prohibited persons/entities list could lead to fewer ransomware events in the future, the restrictions on ransom payments to prohibited persons are likely to lead to larger insurer losses in the short term.
As the cyber marketplace continues to harden, policyholders should be prepared for premium increases on renewal terms and increased scrutiny in the underwriting process. This is especially true for the viability of data backups, network segmentation, remote access protections, phishing awareness campaigns, privileged access management, business continuity and disaster recovery, multifactor authentication, and other security controls. Some carriers are already signaling that they plan to limit their ransomware exposure and are considering sublimits, coinsurance, and longer waiting periods. We must emphasize that the best plan of action is to do everything possible to reduce both the likelihood and severity of a ransomware event. Loss prevention, even when expensive and inconvenient, is worthwhile.
Learn more
To learn more about McGriff’s cyber coverage options, please contact:
Suzanne Gladle
Executive Risk Advisors
Senior Vice President, Cyber Practice Leader
404-497-7515
sgladle@mcgriff.com
To learn more about McGriff Executive Risk Advisors, please contact:
David Sellars
Executive Risk Advisors
Executive Vice President, Co-Division Leader
404-497-7582
dsellars@mcgriff.com
Dusty Cahill
Executive Risk Advisors
Executive Vice President, Co-Division Leader
404-497-7537
dcahill@mcgriff.com