Someone at Jaguar Land Rover is having a really bad day

While I have nowhere near the exposure Jaguar has, I’ve had cyber liability for more than a dozen years, hard to believe they did not:

https://www.insurancebusinessmag.com/us/news/cyber/jaguar-land-rover-failed-to-finish-cyber-insurance-purchase-550678.aspx

Jaguar Land Rover failed to finish cyber insurance purchase

Jaguar Land Rover, Britain’s largest automaker, is contending with the fallout from a crippling cyberattack that has forced it to keep three factories offline until Oct. 1. The financial toll is already staggering, but the blow has been made worse by the company’s failure to secure cyber insurance coverage before the incident struck.

According to Reuters, JLR had been negotiating a policy through broker Lockton but had not finalized the deal. As a result, the company is believed to lack direct coverage for what has quickly become one of the most disruptive cyber events to hit the U.K. manufacturing sector.

Without insurance to absorb business interruption losses, the automaker is shouldering the full weight of the shutdown, estimated by the BBC at £50 million ($68 million) per week. More than 30,000 employees have been told to stay home, while suppliers across the country warn of financial strain.

The absence of coverage comes at a pivotal moment for the cyber market. JLR’s troubles have handed the cyber market an unwelcome stress test at the start of the autumn renewal season. Underwriters are watching closely how a global manufacturer copes when downtime cascades through its production lines and supply chains without an insurer to step in.

The case also raises questions for brokers and risk managers: how close to the line can large corporates cut their renewal or placement timelines, and what exposure do they accept in the interim? For insurers, the episode underscores how costly the timing of cover can be when operational technology and just-in-time manufacturing are at stake.

 

There is certainly truth in that, but there are some policies that you need, at least in my opinion. Probably because we deal with so much litigation, and use lawyers daily my views are slanted.

Few companies can afford to deal with a data breach (in California) or ransomware attack that stops production (as in the instant case).

Same for Errors and Omissions and General Liability. You get a frivolous lawsuit, or even one with some facts, and you’ll spend hundreds of thousands defending it. In California the jury awards are nuts, one judgement could wipe out a decent size company without insurance. We had one person file an injury claim for falling on a sidewalk that belonged to the city, but it was in front of a client’s property. They still got over $100k as the attorneys told us a jury would typically side with the injured. Not a justice system.

Insurance is a necessary evil.

 

Perhaps.

We insist all clients purchase cyber liability, the attorneys on the other side pushed back on this for a while but no more. Keep in mind many cyber liability policies protect you from yourself, or staff, that say something wrong on social media, which we also tell our clients to avoid (not marketing, dialog).

We just completed a form/application for a new client, it wasn't as in-depth as one would think, although the policy limit was only $10mil. I'm sure the process for a major corporation is much more involved.

To me, the real danger is not in the company's network, it is a vendor or other partner that has access to the network. Target was a prime example. I can't imagine how many suppliers had access to their system - it is often the weakest link in the security chain.

People are allowing access to the company's databases to AI, what they don't realize is they are creating another attack vector.

If you are bored see: