As the WannaCry ransomware attack dies down, an assessment of where we are and what the future holds may be in order. First, what happened:
The Attack: The ransomware attack, called WannaCry, was worldwide and spread fast. Microsoft had issued a patch for the specific vulnerability prior to the attack, but many organizations had not applied the patch or were running outdated software, and were therefore vulnerable.
What is Ransomware? Ransomware is a type of malicious software that encrypts data so that the user is locked out of it, and then demands a ransom payment to unlock the data. Payment is typically made via virtual currencies such as bitcoins. Simple ransomware may unlock the data upon payment of the ransom demand, but more vicious variants may never unlock the data. The cost to the organization goes well beyond the ransom payment. Organizations typically incur business interruption expenses that are significantly greater than the ransom payment itself. See our prior posts here, here & here, and Wired here.
Who is at Risk? All organizations are at risk from various types of cyber-attacks, including ransomware attacks. While not widely reported in the media, small and medium-sized businesses are particularly vulnerable (see here). Healthcare has been a primary target (see here).
What can you do for protection? Three steps to take are maintaining updated software, training employees to be aware of fake emails, and carrying Cyber Risk Insurance. See our prior post and also Schneier on Security (here) for information on prevention & protection.
What is Cyber Risk Insurance? Cyber Risk Insurance (also called Data Breach, Privacy and Network Security insurance coverage) provides protection to all types of organizations from the inadvertent disclosure of confidential information, and from damage to or destruction of computer systems and data from computer viruses, hacking and criminal activity. Cyber Risk Insurance can provide financial resources to help with the recovery from a ransomware attack, and some insurers provide access to expert resources to quickly assist in the recovery effort. Cyber Risk Insurance can also provide protection from theft of money, social engineering fraud, business interruption and liability from cyber exposures. Note that Cyber Risk Insurance policies vary widely, so a thorough review is essential to ensure that comprehensive coverage is in place. See here for more info on Cyber Risk Insurance.
What comes next? As noted above, make sure your systems are fully protected and you have Cyber Risk Insurance in place.
And more ransomware attacks may be on the way. There are early reports that another, more powerful attack, called XData, may be on its way (see here & here). XData is in its early stages, but appears to be significantly more sophisticated than WannaCry.
Cyber Risk Insurance is an essential coverage for businesses of all sizes for protection from ransomware, along with other cyber exposures. Comprehensive Cyber Risk Insurance policies will include coverage for the extortion payment, business interruption expenses, and systems-related recovery expenses. Coverages vary widely, so a thorough review is essential to ensure that comprehensive coverage is in place.
Tennant Risk Services is a specialty wholesale broker and underwriting manager, and delivers expertise, markets and exemplary services to our retail insurance agent clients in the placement of professional liability and specialty insurance (E&O, D&O, EPL, Cyber Risk, Specialty). We excel at hard-to-place accounts.