UNPREPARED FOR RANSOMWARE
WannaCry attack highlights need for coverage as businesses face millions in losses
MANY companies outside the United States may not have cover for a recent computer-system attack, leaving them potentially with millions of dollars of losses because there has been relatively little take-up of cyber insurance, insurers say.
A massive ransomware worm caused damage across the globe over the weekend, stopping car factories, hospitals, shops and schools, amid fears it could wreck fresh havoc when employees returned to work.
Cybersecurity experts said the spread of the virus dubbed WannaCry — a “ransomware” that locked up more than 200,000 computers in more than 150 countries — had slowed but the respite might only be brief.
The cost of getting businesses going again could run into the billions of dollars, with companies in Europe, including Russia, and Asia particularly vulnerable.
Nearly nine out 10 cyber insurance policies in the world were in the US, according to Kevin Kalinich, global head of Aon Plc’s cyber risk practice.
The annual premium market stands at US$2.5 to US$3 billion (RM10.8 billion to RM12.98 billion).
The biggest reason for the larger penetration in the US, said Bob Parisi, US cyber product leader for insurance broker Marsh, “is that the US has been living with state breach notification laws for the past 10 years”.
Companies that were not prepared for WannaCry could expect to rack up business interruption costs that far exceeded a ransomware payment, said Kalinich.
“If you’re a hospital that turned away patients, if you’re a global delivery company that can’t send packages, or a telecom company in Spain, Russia or China, the financial statement impact from the business interruption is much larger than the US$300 ransomware,” he said.
Organisations hit by the attacks, which lock up computer systems until the victims pay a ransom, included Britain’s National Health Service, French car manufacturer Renault and Spain’s Telefonica.
A typical cyber insurance policy will protect companies against extortion like ransomware attacks, which insurers say have spiked.
Most cyber insurance policies cover breaches of up to US$50 million, with much of the losses related to the interruption of the firms’ business.
Some policies can cover losses for as much as US$500 million.
Cyber insurance policies also typically cover the cost of notifying those whose data has been breached, hiring a public relations agency to address reputational damage and arranging credit monitoring for those affected, as well as potential legal suits. Reuters