Four threats changing insurers’ approach to cyber
Systemic failure
With advances in technology there is greater interdependence among different infrastructure networks, which is increasing the scope for systemic failures, according to Marsh’s Global Risks Report 2017.
This creates greater challenges for insurers regarding risk aggregation, such as where a single point of failure can set a chain of events going that can adversely impact balance sheets and portfolios, suggests Matt Webb, global group head of cyber at Hiscox.
This can be seen in the oft-cited denial of services (DoS) attack on Dyn, an internet performance management company which offers domain registration and other services, in October 2016.
Due to the high processing power of the botnet involved, Dyn had experienced a DoS attack at the rate of 1.2 terabytes per second.
With many companies relying on Dyn to host or run the domain name system for their website, cases like this exploit the vulnerabilities of Internet of Things (IoT) devices in areas where security is weaker, says Webb.
Webb suggests that one incident like this can affect many of an insurer’s policyholders, and in turn can lead to a stretched balance sheet.
“We consider that kind of scenario a massive DoS attack,” he says. “Previously, we thought that the only bad actors who had access to that much bandwidth were nation states, but now cyber criminals have access to it.”
Large scale ransomware
Ransomware—the encrypting of data, rendering it inaccessible until a ransom is paid to unlock it—is one of the fastest-growing cyber threats.
The number of ransomware attacks quadrupled in 2016, and is expected to double again in 2017, according to the report, Beazley Breach Insights – January 2017.
Organisations are typically seen as more vulnerable to these type of attacks during IT system freezes, at the end of financial quarters and during busy shopping periods, the report states.
A massive ransomware worm attack – dubbed ‘WannaCry’ – affected 150 countries over the weekend of May 13-15, 2017, stopping car factories, hospitals, shops and schools.
“The main costs of such an attack are business interruption, costs of recovering from backups,” said specialist insurer Beazley.
However this threat is evolving, Beazley suggests, with hackers now able to methodically investigate a company’s system, selectively lock the most critical files, and demand higher ransoms to get the most valuable files unencrypted.
Webb suggests the WannaCry attack is an example of how devastating ransomware attacks can be and how quickly they can spread.
He explains: “Friday’s incident exploits a Microsoft vulnerability which has allowed the malware to spread more easily.”
A typical form is targeted phishing emails that land in a person’s inbox.
“In one example, a woman in an office was sent an email claiming that she had been caught speeding,” says Webb. “It said ‘click on the attachment to see a picture of you speeding or click this link to pay the fine’.
“Both would have led to the same outcome, which is essentially an encryption software which is downloaded to your machine and encrypts all your files, which means you can no longer conduct business.
“Then a message appears from the hackers that says ‘we’ve got you. If you want the decryption key, send us X pounds or bitcoins’. The average ransom demands we see are between £400 and £1,000 ($516 and $1,290).”
Cyber terrorism
Politically motivated cyber operations such as the hacking of the US Democratic Convention during the 2016 US presidential election, along with the hacking of French TV channel TV5Monde—both allegedly by Russian hackers—are now being viewed as legitimate acts of aggression, according to Pool Re’s Terrorism Threat and Mitigation Report August – December 2016.
Due to expanding IT platforms and IoT, Pool Re sees cyber attacks as a fast-growing area of crime, and terrorists are likely to realise the ease of this form of attack and develop their capabilities.
Pool Re’s report suggested that terrorists are becoming increasingly active on the internet, but they are not quite as capable as organised cyber criminals, who tend to be more sophisticated and better resourced.
The reinsurer has suggested that the greatest cyber terror threat to the UK is from Islamist extremists, although their ideology calls for direct physical on Westerners rather than harm or disruption through cyber attacks.
In spite of this, Pool Re sees potential for Daesh to expand and move further into the cyberspace as its physical territory is reduced.
While their activity is seen as more disruptive than destructive, Daesh-affiliated groups such as the United Cyber Caliphate Army have been known to carry out small-scale social media and website defacements.
Terrorists do make use of the internet to publish personally identifiable information about individuals, making them more vulnerable for attack, says Pool Re.
Physical damage from cyber attacks
While insurers are gaining a better understanding of the results of cyber-attack on IT systems—for example, theft and extortion—the rise of the internet of things (IoT) has opened up new vulnerabilities that could result in physical damage for hackers to exploit.
This is according Andrew Coburn, senior vice president of emerging risks at RMS, who suggests that hackers can now target operational technology.
Cyber-induced fires in commercial office buildings; triggered fires in industrial processing plants; triggered explosions on oil rigs; cyber-enabled marine cargo theft from a port; and regional power grid outages have all been identified by RMS as new risk scenarios where cyber attacks could result in physical damage.
Lloyd’s latest Business Blackout report – published July 2015 – estimated the economic impact from physical damage caused by cyber-attacks could be from $243 billion to $1 trillion, with insured losses estimated between $21.4 billion and $71.1 billion.
“In the past two years, we have seen attacks that have damaged industrial plants, shut down building control systems, and caused power grid failures—all achieved by hackers targeting control systems that are linked to the internet,” says Coburn.
RMS also suggests that this poses a systemic threat across portfolios as multiple lines of business could potentially be affected.
Learn more about cyber security at our event Intelligent InsurTECH Europe 2017
