The Wannacry cyber attack in May was the biggest source of cyber insurance enquiries for the first half of the year says a specialist cyber insurance provider, CFC Underwriting. In the four weeks following the Wannacry attack, weekly enquiries rose by nearly 50pc.
Beyond the initial media coverage of Wannacry, headlines continued on the impact of the ransomware attack. Recently, the possible financial impact of cyber events has also been widely reported, which CFC suggests contributing to businesses considering purchasing cyber cover. Lloyd’s of London issued a report which warned that a serious cyber attack could cost the global economy as much as catastrophic natural disasters.
At London-based CFC’s annual Cyber Symposium in November 2016 almost a quarter of cyber insurance professionals in attendance (23pc) said that the “fear factor” of an impending and costly attack played a significant part in the growth of their cyber book in 2016. But this “fear” is now being realised by actual significant losses, the firm syggests. For example, British consumer goods company Reckitt Benckiser lost an estimated £100m in the recent NotPetya ransomware attack, and even the smallest firms can face costs in the hundreds of thousands after an attack.
Independent research conducted for CFC earlier this year highlights the top three elements of cyber crime that concern small businesses – theft of funds, inability to operate due to system outage, and damage to reputation. Yet 48% still do not have an incident response plan in place.
Graeme Newman, Chief Innovation Officer at CFC Underwriting said: “We’d expect to see an uptick, but this really was an unprecedented jump and then sustained interest, compared to previous high profile attacks. Much like a physical flood, businesses could see water running down the street and past their front door, prompting them to take action to guard against a similar threat.
“While headline-grabbing attacks such as these spur businesses into action, we’re no longer living in a world where cyber insurance can be a reactive afterthought. Security can only go so far in protecting against a cyber event – companies must have the right policy and response team in place should they fall victim to an attack. The value of intangible assets now generally outstrips the value of tangible assets on corporate balance sheets and businesses must be ready for this new wave of crime.”