Ransomware has dominated the headlines recently. The impact of the recent WannaCry and NotPetya attacks have served as an important warning to businesses – this risk is a global one, and no business is immune, says Graeme Newman, at CFC Underwriting.
More than ever before, it is crucial that companies protect themselves against ransomware attacks and other forms of cyber crime. Putting effective safety measures in place could ultimately save your business from the crippling cost of an attack.
Although ransomware has been a hot topic recently, many still do not fully understand what such an attack actually entails. Ransomware is a form of malware, and the cyber criminals make money by infecting computers and ‘kidnapping’ valuable company information in exchange for a fee. But although the ransom demand is daunting to receive, the real horror stories often lie in the aftermath of an attack, when businesses must juggle the costs and responsibilities of getting back to business as usual.
The worrying rise of ransomware
Ransomware has emerged as one of the most significant threats facing businesses in the past few months. Recent news stories seem to indicate an uptick in this kind of cybercrime – and our data certainly supports this. In Q1 of this year, ransomware accounted for 20.5 per cent of our claims, compared to just 12.9 per cent in the same time period in 2016.
So why is ransomware now such a popular form of cybercrime? Mainly because it is relatively simple to carry out and can reap significant rewards for hackers. It is hard to believe that an attack capable of causing widespread mayhem can originate from an individual simply buying a kit online, but this is often the case. These kits can be modified and used to launch an attack, and what’s worse, the perpetrator stands little chance of being caught.
Despite the somewhat unglamorous origins of ransomware attacks, the act can be completely devastating for businesses. Although the average extortion demand isn’t exactly extraordinary – around $300 on average – we often see claims come in at around $10-20k, with some escalating into the hundreds of thousands. This is due to a number of factors, from business interruption expenses to the cost of bringing in IT specialists, forensic investigators and PR specialists to publically manage the issue.
How can businesses deal with this new threat?
The good news is that all of these are insurable losses under a typical cyber insurance policy. And not only can it cover these costs, but a good policy will incorporate access to specialist providers who can help a business manage the incident when trouble first strikes. Many insurers have panels of specialists in place that can help firms through each stage of incident response.
This new wave of crime is very different to what we have had to deal with before, and good business security is no longer just a case of locking up after office hours. More time and effort must be invested so that everyone involved in the business has a clear understanding of the threats associated with cyber-attacks. Having an insurance policy in place can act to mitigate these costs, and so should be considered essential in the front line of defence against cybercrime.
Graeme Newman is the Chief Innovation Officer at CFC Underwriting