Underwriting agency ProRisk has become the latest company to prove cyberattacks really can happen to anyone after the firm fell victim to a phishing attack.
Speaking to Insurance Business, executive director Hamish Nye confirmed ProRisk had been impacted but insisted the knock-on effects would be minimal.
“We identified the breach very early on and that meant we made a very difficult decision to shut down our system, but the critical thing is that no personal identifiable information was breached,” said Nye. “Confidential correspondence, emails, information – that’s all been secured, and we don’t have reason to put in a breach notification in regard to that.”
Nye also said ProRisk’s technology department is “working round the clock” to get the underwriting agency back online and trading as normal.
“Every effort is being made to minimise any inconvenience to clients and we are updating them on a
regular basis,” he said.
Importantly, Nye also added that any renewing policies will be held on cover, instructions to bind cover will be honoured, and certificates of currency can be provided if urgently needed.
The firm has also set up alternative email addresses to ensure brokers remain connected, which are available on ProRisk’s website.
While the attack is obviously a huge inconvenience for the underwriter, Nye said it also serves as a potent reminder that cyber security and incident response plans have never been more important.
“As a cyber and data risks underwriter myself, I have, for years, reminded brokers that it’s not about whether their clients will be impacted, it’s probably a matter of when,” said Nye. “Malware has become extraordinarily accessible for those who wish to propagate it – and the ability to disseminate it is very high, so there’s a need for all businesses to be vigilant to these threats.”
Nye also noted that, had ProRisk not invested so heavily in its own cyber security and response plans, the impact would likely have been far more severe.
“We invested significantly over the previous 12 months in training and education for staff, in increased anti-virus software, in a specialist consultant’s advice, in ensuring that we had an adequate and fit for purpose disaster recovery plan, and adequate backups,” he told Insurance Business. “Were it not for all of that, the impact on the business would have been devastating but, because of those precautions, we’re in a position to continue to trade and to get the business back on board.”