Insurance Business Have we finally got the message on cyber risk?

Have we finally got the message on cyber risk? Last week was a raucous one for cyber risk.

The world woke up to the biggest ransomware attack in history the weekend before last, then on Tuesday over one million Bell customers had their email addresses stolen and Starbucks suffered a point-of-sale systems crash.

The ransomware hack, called WannaCry, will “inevitably” drive demand for cyber insurance, according to Greg Markell, CEO of cyber at MGA Ridge Canada. 

Meanwhile, Katherine Armstrong, counsel at the legal firm Drinker Biddle, said the fallout from the big cyber story of the week likely wouldn’t make a dent on insurers’ book of business - but the reason for this is not good news.

“Surprisingly, insurance companies will likely not face significant losses as a result of the massive WannaCry attack,” Armstrong said. “However, this is because many of the affected entities likely were not insured.

“Most of the entities affected by WannaCry suffered from one of two vulnerabilities – they failed to run current and supported operating systems, or while running current operating systems, they failed to have current patches and updates installed.”

The only Canadian organization to outright admit it was attacked by WannaCry was an Oshawa community hospital, Lakeridge Health, which said its firewall deflected the attempted assault.

A partner at Drinker Biddle, Kenneth Dort made the point that companies who aren’t duplicating their data are likely vulnerable on two fronts.

“In our experience, entities that do not take reasonable steps to protect their data through patching or regularly backing up data, would very likely not have gone the extra step to obtain cyber insurance as they are already tightly controlling IT costs,” Dort said.

“Furthermore, entities that are not updating and patching would probably not be able to pass a baseline audit from a cyber insurance carrier. As a result, cyber insurance would likely have not been a consideration for many of the entities who were victimized by the WannaCry attack. Perhaps the vulnerabilities identified by this attack will motivate companies to improve their internal cyber vigilance so that they can benefit from the protection of cyber insurance. “

Related stories:
More than a million Bell customer email addresses stolen by cybercriminal
Worldwide cyber breach opens doors for brokers