The attack surface for cyber risk has been increasing for some time. This is especially so in the area of expanding Internet of Things (IoT) device networks, and also in ransomware, which has been tripling every month for some time, mainly in the USA but now globally.
Good hygiene in backup systems
Insurance covers do not address these emerging cyber risks in their entirety, and underwriters tend to chase the trends rather than address the changing risks using actuarial data.
For IoT, this is a serious development, as distributed denial-of-service (DDoS) attacks can affect a wide body of connected devices. For ransomware, it is more about good hygiene in backup systems, but once the virus is in, it is not easy to remove. There is a need to combine the talents of the CISO and cyber underwriters into data-driven underwriting, not just privacy.
Big wake-up call
I doubt if the monetary loss in this attack is big enough to be the eureka moment to spur people to spend more resources on protecting data and integrity and move this risk under complete boardroom compliance.
However, like most disaster events, it will take time to know the true loss. The ransom amounts are small and insurance does cover some clean-up and recovery costs. However, it is a big wake-up call both to organisations and insurers for accumulation risk, and steps must be taken to verify data integrity of third and fourth parties mathematically and independently of the organisations that host the data. This converts them to trusted service providers.
For ransomware, the current backup vendors should start to enter into partnerships with the “smart” cybersecurity vendors so the backups are kept clean and monitored in real time. This should be an imminent result of the WannaCry attacks; people will be prepared, but people have short memories, as we know.
Looking at keyless shared ledger environment
However, there is also human error involved here, as many large organisations in this attack had old versions of operating systems that left the business vulnerable to attack.
Underwriting cyber without warranty of data integrity and up-to-date network security will lead to further attacks and increase the accumulation risk. This is the wake-up call for more mitigation and attention to be paid to information assets. Eventually the blockchain trend will move us to a keyless shared ledger environment. When private keys do not exist, they cannot be stolen and ransomed, as the use of keyless signature technology protects the data itself and the movement of data between networks and devices. Then we will have moved to a better world of mitigation and insurance warranty.
This technology exists now and should be on every boardroom agenda moving forward, future-proofing us from what might be a true cyber black swan, which could be trillions in loss and a world game changer. We have the warning signals. A