John Jackson Discusses the Costly Business of Ransomware Attacks and the Need for Cybersecurity Insurance

July 28, 2021 | Mentions

This article, originally published on July 13, 2021, has been updated to note John Jackson’s insights in the Texas Lawyer article “Your Business Client Needs a Cybersecurity Insurance Policy Now.”

In 2020, U.S. companies spent nearly $3 billion defending class action lawsuits resulting from cybersecurity attacks. In a Texas Lawyer article discussing the rising number of cybersecurity incidents and the costly results, Jackson Walker partner John Jackson shared how ransomware attacks are growing increasingly common—and what companies can do to protect themselves.

‘A Financial Calculus’

“Lately, I found ransomware is occurring with even nonprofits and smaller companies that are easier targets. It can be pretty devastating,” he said.

With $500,000 sometimes being the minimum ransom amount, John stated, “It’s kind of a financial calculus. If the company is experiencing business losses, and they are losing say $100,000 a day, every day, and they have been shut down for two weeks, and it will take another week or two to get everything up and running.”

Even after a company rebounds once the ransom is paid, that business may face litigation by customers, employees, and shareholders.

What to Know About Cybersecurity Insurance

To protect themselves, companies can provide life lock and credit monitoring to those who had their data stolen, which protects the individuals from identity theft and the company from liability.

“If a consumer had personal information exposed and the company offered them the life lock protection, and they can’t show they suffered financial damage, then the lawsuit may be unsuccessful,” he added.

Companies can also purchase cybersecurity insurance, which could potentially help cover costs resulting from an incident.

“These costs can be substantial and can include expenses for forensic investigators, remediation, legal advice, a specialist to negotiate with the threat actor and other potential expenses,” John said. “Of course, the company would still need to satisfy the deductible, but after that, covered expenses could be reimbursed.”

To read more, view the Texas Lawyer articles “With Looming Attack and Litigation Risk, Lawyers Say Every Business Should Buy Cybersecurity Insurance” and “Your Business Client Needs a Cybersecurity Insurance Policy Now.” Please note a subscription is required to view these articles.

John JacksonMeet John

John M. Jackson has represented clients in patent litigation and complex commercial litigation matters in federal and state courts throughout the country, and in the International Trade Commission (ITC). He has represented clients in patent infringement lawsuits involving software, internet applications, consumer electronics, oil drilling technology, mechanical devices, chemical compositions, and business methods. In addition to his intellectual property practice, John co-chairs the Firm’s Cybersecurity Litigation Group and counsels clients concerning data privacy issues. He has earned certification as a Certified Information Privacy Professional (CIPP/US) and a Certified Information Privacy Manager through the International Association of Privacy Professionals.

For questions regarding cybersecurity and risk mitigation, contact John at