By Drew M. Smith
It seemed inevitable, but last week a massive cyberattack struck across the world. The attack struck over 200,000 systems in nearly 110 countries. The Wannacry virus exploited a bug in Windows that had been patched out. Many, however, didn’t update their systems to the latest patch due to concerns about their legacy systems being impacted. As a result, the hackers used the exploit to install ransomware onto computers. When they clicked on the email, the malware locked down the computer and easily spread to other computers, forcing the companies to decide whether or not to pay.
The reason why this attack gained so much coverage was two things. The first is the scope of the attack. It impacted systems in over 100 countries, mainly targeting Russia and Taiwan.1 The second was who they attacked. The two largest victims were the NHS in the UK and Fedex; two companies with access to potentially millions of records. In France, the Renault factory was forced to close Monday as they assessed the damage. In Germany, the ticket machines for their train system were locked down forcing it into damage control.2 Every system that used Windows was vulnerable and still may be open to further attacks.
In the wake of this, cyber insurance is suddenly as valuable as gold. Many companies don’t have an incident response plan or adequate coverage. Both of these are important in the event of a breach. The key is to find the right coverage. Cyber insurers can provide an extortion policy which would cover ransom payment in the event of a ransomware attack. The issue isn’t the money lost from the ransom, it’s the time wasted solving it. Every minute you’re locked down is more time you are not working. In the NHS hack, the amount of time it took to solve it forced outpatient care to be cancelled or rescheduled.3
The recent worldwide hack has brought attention to the vulnerabilities that our computers have. Many still haven’t been trained or know what to do in a cyberattack. Construct a response plan and make sure that your insurance carrier knows this plan. Make sure that the insurance is constructed carefully otherwise you won’t be covered correctly. This worldwide cyber-attack should be a wakeup call to plan for future ones.
For more information on this topic, please contact one of our licensed representatives at 201-847-9175 or info@axisins.com. We invite you to ask us how a Cyber policy can help you.
1https://www.usnews.com/news/business/articles/2017-05-12/the-latest-uks-health-service-hit-by-ransomware-attack
2https://www.nytimes.com/2017/05/15/world/asia/china-cyberattack-hack-ransomware.html?_r=0
3https://www.law360.com/insurance/articles/924022/global-ransomware-attack-shows-cyber-coverage-is-critical?nl_pk=080c2641-bd82-49e5-a25b-cd0336805cba&utm_source=newsletter&utm_medium=email&utm_campaign=insurance