A senior executive of a major global insurer has warned firms remain vulnerable to cyberattacks in the face of a rise of high-profile incidents – with a significant percentage still uninsured.
Just a little over half (55%) of Fortune 500 firms, 35% of small- to medium-sized businesses, and 10% of smaller businesses have some form of cyber insurance, according to AIG global head of cyber risk insurance Tracie Grella, as reported by The Wall Street Journal.
And despite the growing risks, there are those who approach investments in insurance with caution because the field is still relatively young.
“We can figure the probability of a quake or a hurricane but don’t know as much in cyber,” said famed investor Warren Buffet during Berkshire Hathaway’s annual shareholder meeting held earlier this month. “It’s uncharted territory on the insurance side and will get worse, not better.”
“I don’t think we or anybody else really knows what they’re doing when writing cyber [insurance]… We don’t want to be a pioneer on this,” he added.
In a separate report by AIG, Grell warned that hackers’ motivations have changed. If before they focused on disclosing and monetising data, now they seek to disrupt firms’ operations to reduce revenue.
The report cited the use of ransomware, which can make important data files inaccessible to firms until they pay the hackers. The “NotPetya” cyberattack of 2017 was a clear example - the ransomware attached itself to Ukrainian tax-filing software, allowing it to spread to multiple multinationals including shipping giant Maersk and pharmaceutical manufacturer Merck, both of which operate in the Ukraine.
Maersk projected that the cyberattack would cause losses of up to US$300 million due to “serious business interruption,” as it had to reinstall and replace hardware.
In 2016 alone, cyberattacks cost the US between US$57 billion and US$109 billion, according to a report by the by the White House Council of Economic Advisers.