Newly released data from cyber insurance provider, CFC Underwriting, has revealed that the WannaCry cyber attack in May was the biggest source of cyber insurance enquiries for the first half of the year. In the four weeks following the attack, weekly enquiries dramatically increased by nearly 50%.
Beyond the initial media coverage of WannaCry, headlines continued to report the ongoing impact of the ransomware attack. It was reported that the attack had links to China, and highlighted that it was the biggest ransomware attack the world had seen to date. It is highly likely that sensationalist headlines such as these were behind the sharp and sustained increase in enquiry rates.
Very recently, the possible financial impact of cyber events has also been widely reported, which is no doubt contributing to businesses considering purchasing cyber cover. Lloyd’s of London issued a report last week which warned that a serious cyber attack could cost the global economy $120bn, as much as catastrophic natural disasters.
At CFC’s annual Cyber Symposium at the end of last year (November 2016), almost a quarter of cyber insurance professionals in attendance (23%) said that the “fear factor” of an impending and costly attack played a significant part in the growth of their cyber book in 2016.
But this “fear” is now being realised by actual significant losses. For example, British consumer goods company Reckitt Benckiser lost an estimated £100 million in the recent NotPetya ransomware attack, and even the smallest firms can face costs in the hundreds of thousands after an attack.
Independent research conducted for CFC earlier this year highlighted the top three elements of cyber crime that concern small businesses – theft of funds, inability to operate due to system outage, and damage to reputation. Yet 48% still do not have an incident response plan in place.
Graeme Newman, chief innovation officer at CFC Underwriting commented: “We’d expect to see an uptick, but this really was an unprecedented jump and then sustained interest, compared to previous high profile attacks. Much like a physical flood, businesses could see water running down the street and past their front door, prompting them to take action to guard against a similar threat.”“
While headline-grabbing attacks such as these spur businesses into action, we’re no longer living in a world where cyber insurance can be a reactive afterthought. Security can only go so far in protecting against a cyber event – companies must have the right policy and response team in place should they fall victim to an attack. The value of intangible assets now generally outstrips the value of tangible assets on corporate balance sheets and businesses must be ready for this new wave of crime.”