Despite attempting to deny the claim revolving around a 2016 ransomware attack, a recent court ruling has caused an Ohio insurer to help cover the losses.
We’ve heard this story a few times before in the news; company X has a ransomware attack, they put in a claim with insurer Y, and the insurer denies the claim. Seem all too familiar. In the case of National Ink & Stitch, a Maryland screen printing business, the 2016 attack left them unable to access needed operational data on their servers. Even after paying the ransom, an additional ransom was demanded, causing the victims to seek help from a security firm to help remediate the situation.
A claim was placed into State Auto Property & Casualty Insurance in the amount of $310K for “direct physical loss of or damage” to property including stored media files. But State Auto denied the claim, saying “files” aren’t a physical loss.
But the recent ruling by Judge Stephanie A. Gallagher, of the U.S. District Court of Maryland found that the policy language did not support State Auto’s position that National Ink & Stitch’s computer systems “require an utter inability to function.”
While good news for insureds, it’s important to understand what exactly is covered by your cyber insurance policy. In the State Auto case, this came down to an interpretation of words in the policy – this demonstrates how crucial it is to go over with your insurer what scenarios are covered rather than simply thinking because you have a policy, you’re covered.