On Friday 12th May, news of the NHS cyber attack spread across the UK as WannaCry ransomware infected computers across hospitals and healthcare organisations. But it wasn’t just the UK that felt the effect of this attack – there were detections of WannaCry across the globe, from Russia to Taiwan, and not just in the health sector either.
As businesses deal with the aftermath of this cyber calamity, it’s time to be looking at defence strategies from a 360 degree perspective, from having robust security in place right through to getting insurance that can be referred to if the worst were to happen.
Following the Wannacry attack, our enquiry numbers were up just over 30% – this is an extraordinary jump compared to the natural week on week uptick of 1-2% we’d usually see. In addition, orders were up 40% the week following the event, compared to the week before. Some sectors are leading the way with this thinking – for example, since the beginning of the year, 20% of our enquiries came from healthcare organisations and 12% came from retailers.
>See also: Cyber insurance – a growing requirement?
To draw a comparison with a physical flood, businesses can see water running down the street and past their front door, prompting them to take action to guard against a similar threat.
Changing times, changing crimes
The WannaCry attack was another perfect example of how crime is changing. We no longer see balaclava bound crooks storming physical bank branches, but cyber criminals working remotely to bring global organisations to their knees. So why the shift? Put simply, it’s easy. This type of ‘new world crime’ is much easier. Enabled by technological sophistication, it’s relatively simple to download and modify a ‘kit’ online, and the chances of an individual being caught are next to none. You don’t need to be anywhere near the business you’re looking to compromise, let alone in the same country.
We are now seeing the evolution of different tactics under the umbrella term of ‘cybercrime’. Take ransomware for example, a trend which has been gathering pace for several years. In Q1 of 2017, this type of cybercrime accounted for 20.5% of our claims, a dramatic rise from just 12.9% in the same quarter of the previous year.
Within ransomware, we’re also seeing a rise in ‘targeted extortion’. This is a more personalised form of crime and could be likened to ‘fishing with a rod rather than a net’, targeting specific individuals for higher sums of money.
Ransom demands in this scenario run closer to $10-20k on average, compared to an average ticket price of around $300 for broader attacks. The largest claim we have paid out for targeted extortion was around £1.5 million – due to system damage, business interruption and lost revenue.
It’s also interesting to note that the actual ransom component of the cost to businesses is actually quite small. The theory is that if you make the ransom small, people are more likely to pay. However, this is a slightly odd economic model – the fact is that people who will pay a ransom of $300 are generally just as likely to pay $3000.
The ransom might be just $300, but where we see the real cost to SMEs is in the clean-up operation after an attack, which can run between $10-50k. This includes costs such as bringing in a third party provider to restore data and rebuild operating systems, beefing up systems to prevent future attacks, as well as consequential operational harm.
Due to attacks such as WannaCry, businesses are starting to wake up and realise that cyber threats need to be taken seriously. If your offices were broken into and you had your hard drives stolen but you didn’t have contents insurance, there’s a high chance that you would invest in some since you’ve experienced first-hand the resulting losses. Cyber insurance is no different and businesses should be thinking about this as part of their wider security strategy.
Beyond ransomware and targeted extortion, there’s denial of service, account takeover, CEO fraud and social engineering, amongst others. It’s not just about data breaches, and interestingly, the majority of health, retail and financial services businesses buy cyber insurance in fear of data breaches, but actually end up using their policies for other types of cyber incidents, such as those caused by ransomware attacks.
The threat landscape is evolving quickly and beyond the shift from ‘traditional’ crime to cybercrime. The latter is now developing as well. It’s a confusing time for businesses as they grapple with these new world threats, but it’s important that they are looking both at good risk strategies and an insurance policy fit for crime today. The vast majority of UK businesses will experience a security breach in their lifetimes so it’s vital that they are prepared to cope with the worst should they fall victim.
Sourced by Graeme Newman, chief innovation officer, CFC Underwriting
The UK’s largest conference for tech leadership, TechLeaders Summit, returns on 14 September with 40+ top execs signed up to speak about the challenges and opportunities surrounding the most disruptive innovations facing the enterprise today. Secure your place at this prestigious summit by registering here