The global cybersecurity migraine ramped up a notch last week when it was announced that two major security flaws had been discovered in the microprocessors inside nearly all of the world’s computers.
Two techniques dubbed Meltdown and Spectre could enable hackers to expose crucial data and secrets, such as passwords and encryption keys, from any vulnerable computer, including mobile devices and servers running in so-called cloud computer networks.
“We now live in a time where a cyberattack, technology failure, or human error can cause everything from data theft to supply chain disruptions, hospital shutdowns, hotel room lockouts, blackouts, and even nuclear centrifuge explosions - literally the entire spectrum of known risk,” said Joshua Motta, co-founder and CEO of Coalition.
“That a single flaw, much less two, affecting nearly all of the world’s computers could expose society, even if only theoretically, to these risk exposures on such a massive scale is concerning. It’s this form of accumulation risk that troubles many market observers.”
Meltdown affects nearly every microprocessor made by Intel, which makes chips for more than 90% of computer servers that underpin the internet and private business operations worldwide. It’s particularly threatening for cloud computing services run by companies like Amazon, Google and Microsoft because it allows hackers to get into a cloud service and snatch data. It can be dealt with by software patches, but these are likely to slow affected machines dramatically.
The Spectre flaw is more difficult to exploit and much trickier to fix, according to researchers. Whereas the Meltdown flaw has only affected a few manufacturers, Spectre affects processors from many manufacturers.
But what impact will these integral cyber flaws have on the cyber insurance market?
“Vulnerabilities by themselves do not lead to data breaches. While they pose a threat, it is only when a criminal uses the vulnerability to launch an attack that a breach is possible. In this respect, while broader than most known vulnerabilities, it is unlikely that Meltdown or Spectre will lead to a significant increase in cybercrime, or insurable loss,” Motta commented.
“This event demonstrates that cyber risk affects everyone, everywhere. This flaw is neither the first, nor will it be the last. While insurance cannot eliminate cyber risk, it’s the only tool that can eliminate the cost of cyber risk.”