Lloyd’s warns on cyber costs after Petya ransomware attack
Businesses could face a much higher bill than they expect or are prepared for after falling victim to a cyber-attack, according to new research from Lloyd’s, released just after the latest Petya cyber-attack.
As businesses increasingly become the target of sophisticated hacking attacks, Lloyd’s warned on June 28 that they need to properly prepare themselves or face a hefty bill, including ‘slow burn’ costs such as reputational damage, litigation and loss of competitive edge.
The Lloyd’s research identifies ransomware – such as the WannaCry worldwide ransomware attack last month – as a rapidly increasing threat, together with distributed denial-of-service attacks and CEO fraud. The analysis also highlighted that financial services firms are the most targeted by organised cyber-crime, but that retail is also increasingly being targeted.
Inga Beale, CEO of Lloyd’s, said: “The reputational fallout from a cyber breach is what kills modern businesses. And in a world where the threat from cyber-crime is when, not if, the idea of simply hoping it won’t happen to you, isn’t tenable.
“To protect themselves businesses should spend time understanding what specific threats they may be exposed to and speak to experts who can help handle a breach, minimise reputational harm and arrange cyber insurance to ensure that the risks are adequately covered. By reacting swiftly to mitigate the impact of a cyber breach once it has occurred, companies will be able to minimise the immediate costs and their exposure to subsequent slow burn costs.”
On June 27, some of the world’s largest companies including WPP, Rosneft, Merck and AP Moller-Maersk have been hit by a large-scale cyber attack that also took critical government and bank infrastructure in Ukraine offline on June 27, according to the Financial Times.
Hackers shut down access to computers and displayed a message demanding a $300 ransom from users, payable in bitcoins.
This comes shortly after a massive ransomware worm named WannaCry caused damage across the globe stopping car factories, hospitals, shops and schools in May.
Ransomware and distributed denial-of-service attacks are increasingly used against businesses, with healthcare and media and entertainment particularly targeted, according to Lloyd’s. Beazley, a Lloyd’s underwriter, has seen a fourfold increase in ransomware attacks on its customers from 2014 to 2016. It predicts the number of attacks will double again this year.
"With companies across the world reporting another wave of ransomware attacks, thought to be created by an updated version of the WannaCry virus, it’s clear that hackers do not discriminate by type of business or location,” said Michelle Crorie, partner at law firm Clyde & Co.
“These latest attacks vividly demonstrate that any business with a computer connected to the internet needs to ensure they have sufficient protection in place to help to reduce the risk of a hack. We work with cyber extortion insurers who have policies designed to assist businesses with the challenges such an attack presents, such as a multi-disciplinary team of IT experts, external legal and crisis risk management professionals, who can together mitigate the impact of an event and assist in increasing security for the future."
Costs for insurers from such attacks include business interruption and costs of recovering from backups.
"The other prevalent form of cyber-attack is data breach and with new European wide General Data Protection Regulations (GDPR) due to become law next May 2018, businesses face punitive fines of €20 million or up to 4 percent of global turnover, if they do not take adequate steps to protect sensitive customer data,” Crorie noted. “This change in the law, combined with such high profile and wide-ranging cyber-attacks, are driving cyber risk onto the board agenda and leading the board to consider carefully their D&O exposure. Businesses need to understand how to mitigate and limit the risk, and also have a good understanding of the legal consequences of the risk mitigation options available.”
Use code "Save20" and to save 20% on selected tickets for for Intelligent InsurTECH Europe 2017 - Offer ends July 15th
Today’s stories
IAG prepares for higher reserve releases, raises FY 2017 margin guidance
Broker USI acquires Wells Fargo’s commercial insurance business
Hiscox USA reveals new chief operating officer
Sompo taps credit and political risk underwriter from AmTrust at Lloyd’s
CNA hires senior technology underwriter from Zurich Insurance
Newline launches affinity and special risks business in London
Beazley boosts US management liability practice with Nationwide hire
Tropical cyclone Debbie costs reach A$1.4bn
Arch Insurance expands travel unit with new hires
North P&I Club appoints deputy director of underwriting
Did you enjoy reading this story? Sign up to our free daily newsletters and get stories like this sent straight to your inbox.
