Advisen FPN

Advisen Cyber FPN - Wednesday, July 19, 2017

Havoc and hope: Ransomware attacks drive awareness, innovation


Havoc and hope: Ransomware attacks drive awareness, innovation

By Erin Ayers, Advisen

Fallout from recent ransomware attacks has ranged from extended disruption for some organizations, concern over financial aggregation from regulators, and as perhaps the more positive outcome, a continued boost in cyber insurance sales.

On June 27, less than three months after the WannaCry ransomware attack took down over 200,000 computers, a new threat popped up, taking down unpatched Microsoft Windows systems across the globe.  The attack was quickly christened with a variety of names including “Petya” (based on suspicions it was a known strain of ransomware), “NotPetya” (based on the realization that it was not), and “GoldenEye” (the family of malware the strain belongs to, also possibly for James Bond fans).

Originating in Ukraine, the event struck banks, an airport, Chernobyl’s radiation monitoring system, DLA Piper, a massive law firm, and many other firms. One of the hardest-hit companies was A.P. Moller-Maersk, a global shipping firm that felt the impact of the event for over three weeks with an estimated cost of $50 million due to the disruption, according to Alphaliner, a shipping resources organization.

While these events affected a small percentage of the world’s computers and companies, they should be cause for alarm and advance preparation for any organization – and the insurance industry. For example, the UK’s Prudential Regulatory Authority (PRA) released cyber insurance underwriting guidance not-so-coincidentally after the event with the tl;dr message, “Please make sure you have enough cash to pay for all these cyberattacks, thanks.”

As Marsh’s cyber practice leader Thomas Reagan put it in a blog post after the event, “[the] attack demonstrates that more virulent malware can be unleashed with little effort on specific targets and innocent bystanders, with consequences for all.”

And though these are ransomware events, with NotPetya’s additional wrinkle of reportedly deleting data, losses ultimately end up costs for delays in production, rather than cyber extortion. The June 27 event resulted in only about $3,500 worth of bitcoin being paid in ransom, not exactly a good payday for the bad guys. The costs for affected organizations are likely to be much higher – prompting greater sinterest in risk solutions for cyber-related business interruption.

“It has created a lot of interest in business interruption on the cyber side,” said Steve Bridges, senior vice president of JLT Specialty’s cyber/E&O practice. It’s an area that has driven greater interest in cyber insurance and one where the industry has responded.

“Many insurers now provide coverage grants such as business interruption, contingent business interruption and system failure for these types of ransomware attacks - coverage that did not exist five years ago in the primary space,” said Steven Anderson, vice president and product executive for privacy and network security for QBE North America, in an email to Advisen. “The fact that insurers now offer coverage for ransomware attacks, demonstrates the market’s ability to adapt to changes in cyber landscape.”

He added, “Some commentators have predicted that WannaCry and Petya may result in billions of dollars in damage to the global economy.   However, we must continue to educate ourselves technically, so we can continue providing this coverage in a manner that makes sense both for the insurers and their insureds.”

JLT’s Bridges added that a wider group of entities can be exposed to business interruption loss, rather than the traditional buyers of cyber insurance -- firms with heaps of appealing, eminently stealable personal data.

“It’s events like this that drives innovation,” he said. “We’re seeing improvements. We’re seeing insurers extend the [business interruption] trigger from security failure to system failure. We still need to push the market.”

Bridges added, “These are not one-off events. The bad guys are refining their tools and looking to exploit the systems that are out there.”

If there’s a silver lining to global cyber events, it’s the fact that it prompts businesses to take a closer look at their own risk and the risk of their critical supply chain partners. The cyber insurance underwriting process can aid in the evaluation and direct attention to how systems are safeguarded, what the potential BI losses would total.  A common theme for many cyberattacks has been that they are caused by sloppy cyber hygiene, rather than stunningly crafted, sophisticated cyber weapons. When cyber events fuel cyber insurance interest, more organizations gain greater access to the right resources – and the market grows. Amid havoc, there is hope.

Editor Erin Ayers can be reached at Follow her on Twitter at @ErinLAyers.