7th July 2017

A new dimension to cyber risk?


Posted by: Nathan Sewell
Tagged: Cyber Risks, Financial Institutions

The "Wannacry" ransomware attack resulted in an explosion of news reports and articles. Whilst this is not surprising as it affected 150 countries and is estimated to have caused financial and economic losses of up to $4 billion, does the “NotPetya” cyber attack raise some more serious corporate concerns?

The “NotPetya” attack crippled IT systems in Ukraine before spreading to 64 countries. Now 10 days after the first reports we’re beginning to see how damaging this has been, as stricken organisations are still struggling to get their systems back online.

Petya modifies the machine’s master boot record and encrypts files. No-one appears to have any answers to this malware, the process appears to be irreversible. It is being suggested that rather than monetary gain, the true purpose of “NotPetya” was total destruction. Cyber security experts are allegedly telling clients that there is little hope of recovering infected systems and unless they have backups of encrypted data, it is lost for good.

Among the affected organisations are many of the world’s major businesses, including Reckitt Benckiser, Rosneft, Merck, AP Moller-Maersk, TNT, WPP and DLA Piper.  The damage appears to have affected all operational capabilities from access to emails and documents through to manufacturing and logistics. 

Reckitt Benckiser, the consumer goods firm behind Durex condoms and Dettol disinfectant have forecast a sales loss of £110 million with reports that these products may be in short supply as a result. DLA Piper are reported to be still struggling with the effects, with telephone and email systems apparently knocked out for two days and the firm advising clients to resend emails that were sent during the period 27 June to 1 July. 

These global firms all invest substantial amounts on cyber security and data protection, as comments within the 2016 Reckitt annual report would confirm. The problem is that the number of attacks are increasing. Figures released yesterday from Beaming, the internet service provider, suggest that the number of attacks on UK based businesses have increased by more than 50% to average of 65,000 per month, whilst in March research by Opinium showed that 52% of British businesses had been hit by some form of cybercrime. 

Surprisingly the Wannacry attack did not significantly increase the uptake of Cyber Risk Insurance, but perhaps this latest attack will make firms think again. Smaller companies, particularly those in the investment industry and financial services do not necessarily have access to specialist resources and would be completely crippled if their IT systems were shut down. Most Cyber Risk Insurance policies would provide firms with access to these specialist resources and this is one of the main reasons clients purchase the cover. 

RPC, the leading law firm, recently suggested that cyber criminals are particularly focusing on smaller financial services firms as these have lots of sensitive and personal information but have not got the resources or cyber defences of larger firms.  

In the same way as Wannacry, experts are suggesting some sort of State involvement with the “NotPetya” attack.  Perhaps if these types of incident are going to increase more firms should think about Cyber Risk Insurance.

To find out more about Cyber Risk Insurance read our 2017 Cyber and Data Insurance Guide.