Skip Repeated Content

Chicago Partner Christian Auty and New York Counsel Charlene McHugh were quoted Feb. 12 by Law360 on the continuing debate over whether to pay cybercriminals who lock an organization’s computer system or steal data. A recent study by security firm PurpleSec put the global cost of ransomware in 2020 at roughly $20 billion – an all-time high – while regulators continue to warn against paying ransomware attackers. “Truth be told, sometimes paying a ransom is the most pragmatic course of action,” said Auty, co-leader of BCLP’s global Data Privacy & Cyber Security Team. To help minimize damages, attorneys who advise cyberinsurers say insurance companies have already started requiring clients to fill out detailed questionnaires about their cybersecurity precautions before writing coverage. “Insurance companies will work with insureds to incentivize preventing ransomware attacks, or clients will lose coverage if they cannot sustain their promises,” said McHugh, whose practice focuses on insurance and reinsurance. “None of [the U.S. regulators] have said, ‘Thou shalt not pay ransom.’ They realize that the industry is not ready yet for an outright ban.”

This document provides a general summary and is for information/educational purposes only. It is not intended to be comprehensive, nor does it constitute legal advice. Specific legal advice should always be sought before taking or refraining from taking any action.