Live Webinar 11/20: SMB Cyber Survival Guide 2025

Coalition coverage: So you’ve been hit with ransomware — what is covered?

Featured Image for Coalition coverage: So you’ve been hit with ransomware — what is covered?

The last thing you want is to have your business disrupted by a security failure. This series explores Coalition’s coverage and how it can help your organization in the event of a claim. However, insurance coverage can vary depending on different underwriting factors. The following descriptions are intended to provide a generalized summary of coverage offered by Coalition’s cyber insurance policy. You should review your Coalition cyber insurance policy for specific details about your coverage. If you are not a policyholder, you can speak to one of our brokers today for more details.

Cyber risk is one of the great equalizers of our times, threatening organizations large and small regardless of their industry. One major threat is ransomware, a criminal business model in which the cyber attacker seeks financial gain by holding their victim’s data hostage and threatening the public release of this data. In fact, ransomware is growing in frequency and severity. A critical aspect of addressing cyber risks (like ransomware) is understanding the coverages under your cyber insurance policy. Coalition was created to offer a holistic solution to cyber risk, which includes the broadest coverage available.

Coalition’s Most Popular and Comprehensive coverage bundles include several first-party coverages that help remediate a cyber incident. For example, our Cyber Extortion, Breach Response, and Digital Asset Restoration coverages can help get your business back up and running as quickly as possible after a ransomware event. Additionally, our Comprehensive bundle includes Bodily Injury and Property Damage that can protect your business from interruptions that may result from equipment failures due to damage resulting from a security failure.

Cyber extortion: when you have no choice but to pay a ransom

Ransomware is a lucrative criminal business model. According to our H1 2021 Claims Report, from the first half of 2020 to 2021, the average ransom demand made to Coalition policyholders increased nearly threefold, from $450,000 to $1.2 million per claim. After exhausting all possible options to restore operations, many organizations face the difficult decision to pay the ransom and begin the recovery process. However, paying what is usually an exorbitant fee is untenable for many businesses.

Fortunately, if a Coalition cyber insurance policyholder is subject to a cyber extortion incident, the costs involved in responding to such an incident, including the payment of money, securities, and even virtual currencies, are generally covered. Additionally, as part of the incident response process, Coalition Incident Response (CIR) will make contact with the threat actor and work to mitigate the risk and exposure to your business, including negotiating a reduction in requested funds. For one policyholder in the healthcare industry who was hit by the HelloKitty ransomware, we were able to negotiate the demand down by nearly 75% from $750,000 to $200,000.

If your organization is experiencing a cyber incident, Coalition’s team of in-house security experts is available 24/7/365 to help you recover. If you believe you have been infected by ransomware, contact Coalition immediately for breach assistance.

Coalition’s experts respond quickly to start the risk mitigation and recovery process

Realizing your business has become the victim of a cyber incident can feel overwhelming. Many business owners and teams aren't sure where to start, what to do, and how to keep their business operational. Our policyholders can simply contact Coalition and our in-house claims team and digital forensics experts will be able to respond in minutes, not days, to take risk mitigation steps and begin the recovery process. Our claims team includes privacy and data breach attorneys who generally assist with the claim or incident remediation.

Tip: All policyholders with an issue, please call 24x7 toll-free at +1 833 866 1337 or email claims@coalitioninc.com as soon as you think your business has been the subject of a cyber attack or incident. The sooner, the better.

Data restoration

Typically, a ransomware attack involves encrypting or deleting some or all of an organization’s critical information or data. Coalition always recommends using both on and off-site backups for storing essential data. We also recommend using offline backups to store essential data completely separate from the primary network, not cloud backups. The old-school method of offline tape backups is often the best alternative since the attacker cannot touch those copies unless they are physically present with the hard drive.

Our claims team has seen that onsite software backups are, by far, the least effective due to many onsite backups using the same credentials as the compromised network. The attackers can log in to the backup software using passwords they stole and delete the copies. Alternatively, if the onsite backups are local copies on the network, the attackers can learn the location and encrypt or delete them. Thus, in some instances, if a business has maintained good offsite backups, our incident response team may be able to restore a business’ critical data without paying the ransom.

However, the process to recover and restore business operations, even when system backups are readily available, can be complex and time-intensive, and some subset of data may be unrecoverable. Most often, databases and complex, large files that are in use or opened at the time of encryption become corrupted. Coalition’s cyber insurance policyholders can expect any costs to replace, restore, or recreate their impacted business’ digital assets that are damaged or lost will be covered.

Business interruption and extra expenses

We can help you recover by restoring backups or paying a ransom to get a decryption key. But, unfortunately, a ransomware attack can still negatively impact your business by preventing you from accessing some or all of your critical systems and data until the restoration is complete. As a result, you may experience lost sales revenue, overtime expenses for IT staff and other employees using manual workarounds or increased costs to source materials from alternative sources. Thus, for many victims of ransomware attacks, the impact of these business interruptions and extra expenses can far outweigh the cost of paying the ransoms themselves. But the good news is, if you are a Coalition cyber insurance policyholder, we can cover these too.

Here’s another example of how our insurance offers critical coverage for organizations in need. One morning, a Coalition policyholder in the manufacturing industry received an alert that the network at one of their plants was having issues. They quickly realized they were the target of a ransomware event and contacted Coalition. While Coalition’s claims and digital forensics teams got to work on remediation, the business’ systems downtime resulted in property damage, including irreparable harm to some of their machinery. However, with Coalition’s cyber insurance coverage, the manufacturer was covered for costs resulting from business interruption, including repair costs to their impacted machinery.

Protect your business: get insured

Coalition offers comprehensive coverage for the cyber risks facing businesses today. Cyber insurance is a key factor in addressing and mitigating cyber risk. It can help reduce any exposure and impact and quickly facilitate remediation if your business is the target of a cyber incident. If you have questions about our claims process or want to be connected to a broker, feel free to reach out to our team. Also, if you’re a broker interested in offering Coalition cyber insurance to your clients, click here to get appointed.

Coalition also offers a wealth of resources to help businesses implement good cybersecurity practices. For example, Coalition’s cybersecurity guide outlines the basic tenets of a cybersecurity program — a critical factor in reducing your organization’s cyber risk.