Ransomware attacks Petya, WannaCry and Petya highlight need for cyber cover, otherwise businesses face huge bills, says Lloyd’s
In the wake of yesterday’s Petya global ransomware attack and last month’s WannaCry attack, businesses need to insure fully against cyber threats, Lloyd’s urged, citing new research.
Lloyd’s warned that without proper preparation, businesses could face a hefty bill, including “slow burn” costs such as reputational damage, litigation and loss of competitive edge.
The research identifies ransomware as a rapidly increasing threat, together with distributed denial-of-service attacks and chief executive fraud. The analysis also highlights that financial services firms are the most targeted by organised cyber-crime, but that retail is also increasingly being targeted.
The findings are part of a new report released today by Lloyd’s in association with KPMG and legal firm DAC Beachcroft, which looks at the nature of the current cyber risk landscape as well as the top threats by industry sector.
Inga Beale, CEO of Lloyd’s, said: “The reputational fallout from a cyber breach is what kills modern businesses. And in a world where the threat from cyber-crime is when, not if, the idea of simply hoping it won’t happen to you, isn’t tenable.”
Beale said businesses need to understand the threats they may be exposed to and to consult with experts on handling cyber breaches and minimising reputational harm.
She said businesses need to arrange cyber insurance to ensure the risks are adequately covered.
“By reacting swiftly to mitigate the impact of a cyber breach once it has occurred, companies will be able to minimise the immediate costs and their exposure to subsequent slow burn costs,” she said.
Matthew Martindale, director in KPMG’s cyber security practice, said: “Cyber risk has moved up in the business agenda and businesses are taking measures to prepare themselves. However, they are failing to factor in the long-term damage that a breach can cause and the cost implications of it.
“Dealing with things like reputational issues and litigation in the aftermath of a breach, can add substantial costs to the overall loss. Businesses really need to start thinking about the cyber risk holistically rather than one that is currently very short sighted.”
Hans Allnutt, partner and head of Cyber & Data Risk at DAC Beachcroft, said: “Whilst the immediate business impact of a breach could be significant for any organisation, it may only be the tip of the iceberg when it comes to dealing with the legal consequences which may last months or even years.”
The report’s headline findings are:
Ransomware and distributed denial-of-service attacks are increasingly used against businesses, with healthcare and media and entertainment particularly targeted. For example, Beazley, a Lloyd’s underwriter, has seen a fourfold increase in ransomware attacks on its customers from 2014 to 2016. It predicts the number of attacks will double again this year.
The financial services sector finds itself at the sharp end of targeted attacks by organised cyber-crime but retail is increasingly being targeted. Criminals are becoming more financially savvy, and have started to target bank systems and financial infrastructure.
Oil and gas firms can find themselves caught up in national politics and can be the subject of espionage as well as occasional high-end disruptive attacks; they essentially become political cyber footballs
The public sector and telecommunications sectors are highly susceptible to espionage-focused cyber-attacks.
There has been a major growth in targeting companies through CEO fraud, i.e. perpetrators posing as a senior executive to elicit sensitive information. This is resulting in significant financial losses.
To learn more about cyber, you can register your interest to join our Cyber Insight 2017 event.
To learn more about cyber, you can register your interest to join our Cyber Insight 2017 event. You will learn:
- What are the best insurance providers in cyber for SME/Mid-market?
- How to create the perfect cyber policy and sell it effectively
- Best practice cyber case example from a large broker
- The GDPR and the risk to firms in 2018
…. and lots more
To register your interest, leave your name and contact details firstname.lastname@example.org