Massive ‘WannaCry’ Cyberattack Highlights Growing Ransomware Threat
05/17/2017
Less than a week after the massive "WannaCry" ransomware cyberattack first hijacked computer systems in at least 140 countries, insurers, brokers and cyber risk management specialists are working with businesses to report claims, improve and expand existing cyber insurance coverages and implement cybersecurity best practices.
According to Paul King, USI’s Management Professional Services (MPS) national director and cyber practice leader, this is the second cyber "aggregation threat" incident of 2017 and there’s every indication the next wave of ransomware attacks will be more disruptive and harder to halt.
Targeting a Windows vulnerability, WannaCry locks up a computer system it infects until the victim pays a ransom. Multiple affected organizations have confirmed that the average individual ransom demand from the attacks was $300, with some companies receiving a $600 demand, to be paid in Bitcoin, a cryptocurrency popular with hackers. With more than 200,000 organizations believed to have been infected, experts, including Vikram Thakur with Symantec, believe total repair costs could be in the tens of millions of dollars.
"The thing that stopped WannaCry Saturday night was taking advantage of an accidental IP address weakness," said King, referring to the malware’s nickname and a weakness in its code that was exploited to prevent further spread. "However, this blessing seems to indicate that the malware can just be reconfigured minus the IP weakness and we start the process over again. In fact, it appears there are already other similar but more destructive ransomware tools being tested that will shortly be up for sale on the Dark Web."
King said the actual ransom cost is minimal compared to the costs associated with acquiring forensic expertise to identify the scope of the attack and provide remediation services, the business interruption losses and the cost to repair and restore a network.
Additionally, given how courts have recently granted standing for class action suits relating to breach events and cyber, this massive attack is likely to trigger a wave of cyber liability lawsuits in a manner not seen before. For example, the healthcare industry could be vulnerable to such lawsuits if critical services to patients were interrupted due to a cyber incident, King said.
Amid the real possibility of another ransomware attack, USI is cautioning businesses to take steps to ensure their cyber risk management practices, cyber service providers and cyber insurance policies are equipped to respond effectively to ransomware attacks.
This includes putting together a robust response plan with all organizational stakeholders outlined and aware of their duties. Making sure IT or cloud providers are regularly backing up organizational data is also crucial.
King said it is incumbent on organizations to make sure they have purchased the right kind of cyber coverage.
"Keep in mind when purchasing cyber coverage that policies are different with no uniformity. Some policies offer ransomware cover, some do not and not all cyber policies include the use of bitcoin or other cryptocurrency," he said.
Without a comprehensive cyber insurance program, companies may be forced to pay out-of-pocket for system remediation costs, business interruption losses and any potential liabilities resulting from an attack. For small to medium-sized corporations, this could be a financial catastrophe.
"If you are an organization and you have been dragging your feet on whether to obtain cyber coverage, WannaCry is a warning shot that the cyber threat is serious and urgent," said King.
While it’s true that large corporations may still be the most lucrative targets for hackers, including cyber-extortionists, small and middle market businesses (SMBs) are increasingly targeted. Shockingly, however, most SMBs remain unconcerned about cyberattacks. According to a 2016 report by the National Federation of Independent Business, SMB owners rank cybercrime 51 out of 75 possible business concerns.
This is in spite of the fact that cybercrime is up significantly in all categories. Ransomware attacks, for instance, rose from 3.8 million attacks in 2015 to 638 million in 2016, according to a report published by SonicWall.
For more information about USI’s Cyber Solution, PrivaSafe, or any other cyber risk management needs, please contact your USI representative.