It tells a story how a hotel’s website was affected by malicious code stemming from a cryptojacking attack, resulting in lower search engine ranking results for the hotel’s website.
The key takeaways are as follows:
• The impact of a cyber event can last longer than we usually think. Many people assume that if your website or other computer systems get taken down or disrupted by a cyber event or system failure, then you only need to restore the affected systems in order to halt any potential business interruption loss. But this claim illustrates that even when a website has been restored to its full functionality, a return to normality is not guaranteed. In this case, the hotel was still seeing lower search rankings and reduced bookings even after the website was cleared of malware.
• The above point is important from a cyber insurance perspective because of the way indemnity periods vary from policy to policy. Some cyber policies will only reimburse policyholders for the financial losses incurred during the period that systems are down (in this case that would be the time during which the website was disrupted by the malicious code). Other policies will reimburse policyholders for the financial losses incurred while systems are down, plus an arbitrary number of days after computer systems are back up and running. And some policies, such as CFC’s, will continue to reimburse policyholders after systems have been restored to their normal functionality, up to the point where policyholders are back in the same financial position that they would have been in had the cyber event or system failure not occurred. This is a key distinction because a business can continue to be affected financially even after its systems have been restored, and any policy that doesn’t cover this could leave the business financially exposed.
• This claim also illustrates the increasing dependence that most modern businesses have on their digital assets, whether that be their electronic data, software programs or websites. In this case, although the hotel wasn’t completely reliant on its computer systems to operate, it did depend on its website for a substantial portion of its bookings. When that site was badly affected by malicious code, the website’s search engine ranking was impaired and the hotel saw fewer bookings as a result. With more and more businesses relying on their digital assets to generate revenue, having a cyber insurance policy in place can provide a valuable safety net in the event that these digital assets are damaged or become inaccessible.