Though similar to ransomware, jackware could be multiple times more dangerous. Cybersecurity experts say this new type of malware hijacks physical devices that are core to modern living. We at JGS want you to be aware of the dangers of this dangerous new technology.
The difference between the two programs is that in a typical ransomware attack, the objective is to use malicious code to encrypt your data so the perpetrators can then demand a ransom. With a jackware attack, the intent is to lock up the hijacked device until you pay. Pretty scary stuff!
From an insurance perspective, the issue is which policy would cover damage caused by a jackware attack? This is where things can get a little tricky as business insurance/property damage would fall under a Commercial General Liability (CGL) policy, not a cyber policy, although it may be too early and there may not be enough case law to make that determination. If your business experiences this type of incident, the most prudent step to take would be to report the circumstances as a claim under both the cyber policy as well as your CGL policy so as to cover all bases and address all potential liabilities you may have.
With ransomware, the primary loss is almost always monetary. There also may be residual issues with the software or hardware that require replacement or repair to regain full operation of a computer system. A jackware attack may require a wider range of insurance coverage than a ransomware attack because the repercussions can be more widespread. Such an attack may cause property damage or even bodily injury. In addition, if machinery or equipment causes property damage or injury to others, there may be third-party liability as well. Voluntary shutdown, undertaken to prevent such bodily injury and property damage, also may trigger losses that create liability.
So what are you to do? You might initially review your cyber policies, many of which provide both first-party coverage and third-party coverage. Such policies should provide coverage for losses to data and computer or computer system components. However, cyber policies contain exclusions for bodily injury and for certain types of property damage. Those exclusions might be accessible whether the claim is for coverage of a first-party loss or third-party liability. Property policies and general liability policies often fill the coverage gap for such losses.
In the wake of many ransomware attacks, policyholders have successfully obtained coverage under a property policy for loss of data. Property policies—particularly all-risk policies—may also provide coverage for loss of other types of property triggered by a cyberattack. If a jackware attack causes an equipment malfunction that in turn causes a fire, fire damage to the policyholder’s property should be covered.
Furthermore, commercial general liability policies may also cover a jackware attack if, for example, an attack on the policyholder’s machinery causes that machinery to damage property belonging to others. JGS policies will cover all losses that the policyholder is legally obligated to pay based on liability from bodily injury or property damage.
It’s important to note that in a hardening cyber insurance market, coverage for cyber-related losses and damages under other types of insurance policies is becoming increasingly urgent. Property policies and commercial general liability policies are good options. As a policy holder, you should fight to keep cyber exclusions off these policies as well as advocate for policies that provide for losses from property damage and bodily injury. Just because property policies or liability policies apply to portions of a loss from jackware does not mean that cyber coverage cannot apply. In fact, all three types of policies may provide coverage for any given scenario.
If your business or organization experiences one of these types of events, we believe the best thing to do would be to report this as a claim under both the cyber policy as well as your CGL policy to cover all bases and address all potential liabilities/exposures you may have from such a cyber-related incident.
For more information on how your policy can protect you in the event of a cyberattack, connect with us today.