In the USA, there was a landmark ruling that refers to insurance contracts. If this explicitly refers to protection against “physical damage,” intangible objects such as a computer program are not to be protected. This is likely to have serious consequences in the event of attacks with ransomware.
Supreme Court denies ruling from appeals court
U.S. citizens who only have traditional insurance coverage should now urgently upgrade. This is especially the case if they enjoy frequent Internet browsing. After all, the Supreme Court in the US state of Ohio has now ruled that an insurance policy for “direct physical damage” will not pay compensation in the event of loss and damage to software. These have “no physical existence” and are consequently not covered by the protection. The situation is different for the data carriers on which the software runs, as these are covered by the protection.
In doing so, the Supreme Court went against the Court of Appeals, which took the opposite view in the fall of 2021. The lynchpin of the case is EMOI, a U.S. company that sells medical billing software. The service provider was suing Owners Insurance, an insurance company, at the time. EMOI accused its insurer of failing to conduct an audit of damages to the billing software itself. The Court of Appeals found that such an audit was necessary. The Supreme Court, however, did not, as the final ruling now shows.
Ransomware requires cyber insurance for everyone
Insurance company Owners Insurance argued before the Supreme Court that the limits of traditional property insurance are slowly but surely getting out of hand in the wake of digitalization. For example, it is now no longer just computers and telephones that could be hacked. Even household appliances and cars are increasingly becoming a gateway for criminals. Accordingly, it is now necessary to protect oneself more specifically in order to be able to counter the risks that our digital age brings with it. Suitable solutions are available in the form of cyber insurance. These cover damages in connection with cyber attacks by ransomware or other means. Of course, one can understand the insurance company’s point of view.
Nevertheless, a rethink must now take place. After all, liability insurance policies in the U.S. also covered such immaterial damages for many years. In view of the significant increase, this is now probably no longer reasonable from the perspective of the U.S. judiciary. However, this is likely to have significant financial consequences for many companies and private individuals. After all, cyber policies are associated with high costs. Despite high premiums, many cyber insurance policies cover such attacks only to a limited extent. Classic exclusion scenarios, for example, are attacks that take place in the course of war. Consequently, many will simply have to live with the risk of becoming a victim of a cyber attack in the future.