Ransomware encrypts the bank’s data. The carrier will not authorize payment because the threat actor is on an OFAC sanctions list. Banks deal with OFAC in daily compliance, but most don’t realize the same rules apply to their insurance. The bank chooses between an illegal payment and an indefinite outage.
OFAC compliance can override your coverage when you need it most.
Review your cyber policy’s ransomware coverage for OFAC carve-outs. Confirm your incident response plan accounts for a scenario where the carrier cannot authorize payment.