WannaCry – shining a light on cyber insurance

Ransomware is gradually being acknowledged by businesses as one of the most serious modern-day threats. This type of cybercrime, in which hackers lock computers and threaten the user until a ransom demand has been paid, has been in the public eye on many occasions. Most recently, we saw the NHS ransomware attack infect computers and bring some parts of the UK’s health service to a standstill. But it wasn’t just the NHS that was affected. The ransomware, known as WannaCry, hit businesses worldwide, with detections in locations as far afield as Russia and Taiwan.

While ransomware has been around for over a decade, the WannaCry attack brought cybercrime as a whole to the forefront of the national agenda. Watching organisations across the globe deal with this kind of cyber attack served as a serious wake-up call for businesses, with the realisation that this could easily happen to them.

In the week following the attack, our enquiry numbers were up just over 30 per cent, an extremely high percentage compared to the uptick of around 1-2 per cent that we’d generally expect to see in a usual week. We also saw that orders were up 40 per cent the week after the WannaCry incident. These figures illustrate a trend that we were already beginning to see – businesses are starting to take cyber threats seriously, and cyber insurance forms a vital part of this. Some sectors are notably leading the way in their understanding of the need to take a 360-degree approach to cyber defence. For example, since the beginning of the year, 20 per cent of our enquiries came from healthcare organisations, showing an increased awareness amongst this group of the implications should any of the sensitive data that they hold be compromised.

The evolution of crime

High-profile cyber attacks such as these serve as a clear depiction of how crime is evolving and changing. We now very rarely hear of masked crooks storming bank branches and leaving with bundles of cash. Statistics from the National Crime Agency also support this shift – cybercrime rates overtook ‘traditional’ crime numbers for the first time in 2016.

This shift is a result of criminals wising up to the fact that this type of ‘new world’ crime is far easier than traditional methods. It’s fairly simple to download and modify a malware ‘kit’ online, and that’s all that is really required to carry out an attack. The hacker doesn’t need to be anywhere near the business he or she is looking to target, let alone in the same country. The reality is that the chances of being caught are also slim, making it an attractive long-distance offence.

Ransomware accounted for 12.9 per cent of our claims in Q1 of 2016. Fast forward to Q1 of this year and it’s now the root of 20.5 per cent of our cyber claims. Within ransomware, we are also seeing some interesting nuances: the rise in ‘targeted extortion’ has been notable. This is a more personalised form of ransomware whereby a hacker researches and targets fewer organisations with a higher ransom demand – understanding that these targeted companies may have much more to lose – rather than going after lots of organisations demanding a lower sum of money. In these cases, ransom demands run closer to $10-20k, as opposed to the more modest $300 of an average ransomware demand.

Many businesses wouldn’t even realise that in a typical ransomware attack, the ransom component of the overall cost to the business is probably the smallest part. The real cost rears its head in the clean-up operation after an attack. For some SMEs, this can run anywhere between $10-50k. This includes costs such as bringing in a third-party provider to restore data and rebuild operating systems, beefing up systems to prevent future attacks, and costs associated with the business not being able to operate normally, not to mention losses from reputational damage.

Future proofing business strategies

WannaCry was a devastating incident and a stark reminder to businesses that they must take cyber defence seriously. Beyond the types that we see regularly, such as ransomware, there’s a whole host of other kinds of cybercrime that pose just as much of a threat, including denial of service attacks, account takeover, CEO fraud and social engineering, and plenty more.

Interestingly, the majority of health, retail and financial services businesses buy cyber insurance in fear of data breaches, but actually end up using their policies for other types of cyber incidents, such as those caused by ransomware attacks. This shows just how valuable an insurance policy can be in protecting a business against the unknown. 

As the landscape develops, there is an overwhelming number of threats that a business must take into consideration. In our recent research, we found that over a quarter (26 per cent) of SMEs cite this complexity as the key reason for not training their staff on the threat of cyber. They are simply “not sure where to start”. Although perhaps understandable amongst a series of other time pressures and priorities, the impact of not being fully aware and protected against this new world crime can be devastating.

Cybercrime will only continue to adapt and advance. For that reason, businesses must know that they have solid security software in place to protect as much as it can. But should the worst happen, a cyber insurance policy is vital for businesses to respond to, and deal with, this kind of modern-day crime.

Graeme Newman, Chief Innovation Officer, CFC Underwriting