UN­PRE­PARED FOR RAN­SOMWARE

Wan­naCry at­tack high­lights need for cov­er­age as busi­nesses face mil­lions in losses

New Straits Times - - Business -

MANY com­pa­nies out­side the United States may not have cover for a re­cent com­puter-sys­tem at­tack, leav­ing them po­ten­tially with mil­lions of dol­lars of losses be­cause there has been rel­a­tively lit­tle take-up of cy­ber in­surance, in­sur­ers say.

A mas­sive ran­somware worm caused dam­age across the globe over the week­end, stop­ping car fac­to­ries, hospi­tals, shops and schools, amid fears it could wreck fresh havoc when em­ploy­ees re­turned to work.

Cy­ber­se­cu­rity ex­perts said the spread of the virus dubbed Wan­naCry — a “ran­somware” that locked up more than 200,000 com­put­ers in more than 150 coun­tries — had slowed but the respite might only be brief.

The cost of get­ting busi­nesses go­ing again could run into the bil­lions of dol­lars, with com­pa­nies in Europe, in­clud­ing Rus­sia, and Asia par­tic­u­larly vul­ner­a­ble.

Nearly nine out 10 cy­ber in­surance poli­cies in the world were in the US, ac­cord­ing to Kevin Kalinich, global head of Aon Plc’s cy­ber risk prac­tice.

The an­nual premium mar­ket stands at US$2.5 to US$3 bil­lion (RM10.8 bil­lion to RM12.98 bil­lion).

The big­gest rea­son for the larger pen­e­tra­tion in the US, said Bob Parisi, US cy­ber prod­uct leader for in­surance bro­ker Marsh, “is that the US has been liv­ing with state breach no­ti­fi­ca­tion laws for the past 10 years”.

Com­pa­nies that were not pre­pared for Wan­naCry could ex­pect to rack up busi­ness in­ter­rup­tion costs that far ex­ceeded a ran­somware pay­ment, said Kalinich.

“If you’re a hospi­tal that turned away pa­tients, if you’re a global de­liv­ery com­pany that can’t send pack­ages, or a tele­com com­pany in Spain, Rus­sia or China, the fi­nan­cial state­ment im­pact from the busi­ness in­ter­rup­tion is much larger than the US$300 ran­somware,” he said.

Or­gan­i­sa­tions hit by the at­tacks, which lock up com­puter sys­tems un­til the vic­tims pay a ran­som, in­cluded Bri­tain’s Na­tional Health Ser­vice, French car man­u­fac­turer Re­nault and Spain’s Tele­fon­ica.

A typ­i­cal cy­ber in­surance pol­icy will pro­tect com­pa­nies against ex­tor­tion like ran­somware at­tacks, which in­sur­ers say have spiked.

Most cy­ber in­surance poli­cies cover breaches of up to US$50 mil­lion, with much of the losses re­lated to the in­ter­rup­tion of the firms’ busi­ness.

Some poli­cies can cover losses for as much as US$500 mil­lion.

Cy­ber in­surance poli­cies also typ­i­cally cover the cost of no­ti­fy­ing those whose data has been breached, hir­ing a pub­lic re­la­tions agency to ad­dress rep­u­ta­tional dam­age and ar­rang­ing credit mon­i­tor­ing for those af­fected, as well as po­ten­tial le­gal suits. Reuters

Newspapers in English

Newspapers from Malaysia

© PressReader. All rights reserved.