A medical practice in North Carolina had submitted what it believed to be all the necessary paperwork in order to renew its cybersecurity insurance, but the policy lapsed just two days before the company suffered a serious ransomware attack. 

‍

Given that recovery from the attack cost the practice more than $300 thousand on top of nearly $700 thousand in lost revenue while their internal systems were out of operation, the practice is now suing their insurance provider for negligence in failing to inform them of the lapse in coverage. 

‍

While the insurer has not yet commented publicly on the matter, a cybersecurity expert in the field claimed that the depth of infrastructure analysis and risk assessment required before a policy can be issued or renewed would have made it unrealistic to renew a policy effective immediately. 

You can read more about that case and its implications here.