Lawyers in ‘Law360’ on Ransomware Payouts

Chicago Partner Christian Auty and New York Counsel Charlene McHugh were quoted Feb. 12 by Law360 on the continuing debate over whether to pay cybercriminals who lock an organization’s computer system or steal data. A recent study by security firm PurpleSec put the global cost of ransomware in 2020 at roughly $20 billion – an all-time high – while regulators continue to warn against paying ransomware attackers. “Truth be told, sometimes paying a ransom is the most pragmatic course of action,” said Auty, co-leader of BCLP’s global Data Privacy & Cyber Security Team. To help minimize damages, attorneys who advise cyberinsurers say insurance companies have already started requiring clients to fill out detailed questionnaires about their cybersecurity precautions before writing coverage. “Insurance companies will work with insureds to incentivize preventing ransomware attacks, or clients will lose coverage if they cannot sustain their promises,” said McHugh, whose practice focuses on insurance and reinsurance. “None of [the U.S. regulators] have said, ‘Thou shalt not pay ransom.’ They realize that the industry is not ready yet for an outright ban.”