The recent global ransomware attack has highlighted the important role of the insurance industry in mitigating cyberattacks.
With that in mind, Insurance Business spoke to Gallagher Bassett New Zealand managing director Craig Furness, who said that following WannaCry the demand for cyber insurance is expected to grow. Indeed Gallagher Bassett should be in the know after being awarded ISO27001 certification, the highest international standard for information security, for its New Zealand operations.
According to Furness, the incident has highlighted the opportunity for the insurance industry to help clients manage cyber risk during wide-scale attacks as well as the extent to which the industry is being relied on for advice to prevent cyberattacks.
“Although WannaCry has been the largest ransomware attack to date, experts predict that the frequency and severity of this type of attack will continue to escalate,” he said.
He elaborated that watching news of the attack spreading was comparable to a natural catastrophic event.
“As the news broke, we saw many organisations turning to their brokers and insurers to keep them up to date on the latest developments and provide advice on how to respond,” he noted.
Although WannaCry spread more rapidly than previous attacks, he commented that the types of vulnerability it exploited, which are not new, can be protected against by a robust corporate security program.
“As with any type of insurable incident, brokers and insurers play an important role in educating their clients about how to guard against cyberattacks,” he underscored.
He advised that at a minimum, every company should have strong perimeter firewalls, a reliable email filter, regular updates and patching as well as regular backup of critical data in a manner that is isolated from the rest of the network.
Furness said another way brokers and insurers can support clients is by helping them to educate their workforces about safe internet usage.
“The most vulnerable point in any network is its human users,” he advised. “While you can install firewalls, filters and anti-virus software on every other component of your network, education about online safety is the only way to make the human element of your network secure.”
He said that the most effective thing an organisation can do is create a security culture where staff understand the threat, can spot the danger signs and know how to report anything that looks suspicious.
Gallagher Bassett partners with insurers, brokers, government bodies and self-insured organisations to manage claims across all classes of insurance. “This includes rapid ramp-up support during significant claims spikes such as cyberattacks or catastrophic events,” said Furness.
According to Delta Insurance co-founder Ian Pollard, ransomware attacks comprised 40% of the company’s insured cyber claims over the last 12 months.
“I predict the number of cyber insurers will double over the next two years (from eight to 16) and peak in 2018, making it the best time for New Zealand businesses to buy cyber insurance,” he said. “The global cyber insurance market will increase tenfold within the next eight years from US$3.5 billion to potentially US$25 billion by 2025. The cost of cybercrime will also grow from US$3 trillion in 2015 to US$6 trillion in 2021.
“Sophisticated cyber insurers are conscientious around understanding accumulations for various cyber disaster scenarios and there are some potential risk scenarios that could have very severe and wide-ranging consequences.
“Examples of these include a major cloud provider outage, global malware or ransomware contagion similar to the recent Wannacry event and a global cyber terrorist incident. Any of these events could be truly global in nature and are perhaps the more concerning incidents being silent cyber scenarios exposing non-cyber insurance products to potential cyber-related losses."
Pollard emphasised that ransomware attacks aren’t going away. "New Zealand has had hundreds of ransomware attacks this year and we expect more."