If you haven’t heard of WannaCry, where have you been for the last month?
WannaCry was a worldwide cyber attack that infected over 230,000 computers in over 150 countries in the middle of May 2017 – affecting companies and services including the NHS in the UK, Telefónica in Spain, FedEx and more. It spread across local networks, encrypting the data on the machine and demanding a ransom in the form of Bitcoin in return for the decrypted data.
The malware targeted machines running older versions of Microsoft Windows. 98% of the affected computers were running Windows 7, according to a report by Kaspersky Labs. The four most affected countries were Russia, Ukraine, India and Taiwan, however the total damage it caused is immeasurable. Some UK companies had to halt business and production to prevent the ransomware from spreading. Many NHS hospitals in the UK were affected, including theatre equipment, MRI scanners and blood-storage refrigerators as well as the computers. In 2016, it was reported that thousands of NHS trust computers were still running Windows XP.
It is important to realise that WannaCry is not a one-off event. Though it is the most notable cyber attack event this year, thanks largely to the increasing amount of social activity to document these occurrences. According to Symantec, there were 463,000 ransomware attacks in 2016, massively increased from 2015 when there were 340,665. And, as we have already stated, WannaCry alone infected more than 230,000 machines in just a few days.
Cyber security can’t continue to be ignored and this is just the beginning of potentially far more malicious attacks on businesses. This is the landscape now. We are already far into the 21st century and businesses need to be vigilant and adjust against these modern threats, just as they would against physical theft and property damage.
Insuring Your Business Against Ransomware & Cyber Attacks
Cyber insurance is certainly a far bigger market in the United States than in Europe and Asia combined, but it seems the most infections of the WannaCry ransomware occurred in Europe and Asia. The reason for this is that there are more companies and institutions in Europe and Asia that are still running older versions of the Microsoft Windows operating system. It is far more complex for a business to update their operating system than it is for an individual end-user.
The top five most popular operating systems are (according to Net Applications):
- Windows 7: 48.5%
- Windows 10: 26.28%
- Windows XP: 7.04%
- Windows 8.1: 6.96%
- Mac OS X 10.12: 3.21%
According to Insurance Business Magazine, 90% of cyber claims are coming from businesses with less than £50 million in revenue. SMEs are beginning to recognise the very real cyber threats against them, and are beginning to understand just how vulnerable their business is in this digital world that we live in.
Approximately 1 in 10 UK companies affected by WannaCry will not have cyber insurance. Additionally, only 8% of UK businesses are checking daily for hacking activity and 32% check at least once a month.
Businesses that suffered due to WannaCry, but are without cyber insurance, are having to trawl through the fine print of their insurance policies that cover kidnap, ransom and extortion, in attempt to get some sort of financial compensation. It may also be worth questioning whether your business insurance covers your computers in the event of infection, resulting in your office’s computers becoming unusable, and whether you are covered for business interruption if such an event were to occur and you had to suspend business for a period until you can recover. But the truth is that for such a specific threat, a specific type of insurance cover will be the safest option.
“Aside from the widespread inconvenience, the cost of a data breach can be profound,” Lockton’s senior vice president has said, “running into millions of pounds for larger organisations, with additional hits to reputation, customer base and business opportunities.”
Question is… will the cyber insurance market see boosted growth after WannaCry? Or will business owners forget about it until the next mass cyber attack trends on Twitter?
Further reading – Cyber Insurance: A New Era for the Small Business