The evolution of ransomware and its threats to client businesses

The evolution of ransomware and its threats to client businesses | Insurance Business New Zealand

The evolution of ransomware and its threats to client businesses

Cybersecurity has been identified as one of New Zealand’s most significant emerging risks, with businesses placing it at the top of their pile of concerns going into 2019 in Allianz’s most recent Risk Barometer. According to a report from Cyber Risk Management (CyRiM), a global ransomware attack could cause US$193 billion in damage to businesses worldwide, meaning insurers are all keeping a watchful eye on this rapidly developing area.

Senior underwriter & financial lines manager John Moore at Delta Insurance spoke to Insurance Business about some of the key emerging cybersecurity risks that businesses face, and some of the preventative measures being taken by insurers to help clients shield themselves against a potential attack.

“Ransomware is one of the biggest emerging risks that we’ve seen over the past few years,” Moore said. “We saw forms of traditional ransomware around 2016 – this was mostly manageable for our insureds that ran cloud backups, as they could retrieve the vast majority of their data and be up and running again quite quickly.”

“But cybercriminals have picked up on the fact that people are running backups, so they’re now targeting organisations in manual attacks,” he explained. “They’ll sit and observe the system before deploying encryption, while also deleting all of the backups stored in the cloud. That’s the biggest change we’ve seen, along with the asking price of the cybercriminals - they used to only demand a couple of bitcoins, but now the ransoms range from $40,000, and when they’re ransoming Fortune 500-type companies, the amounts paid have been in the millions. That’s concerning from an insurance perspective, and that change from traditional ransomware to targeted ransomware is one of the biggest emerging risks that we’ve seen.”

Moore says that although some sectors are hit more than others, cybercriminals usually aren’t too picky about who they target. Although preventative measures to shield from attacks are also evolving, lapses in security can come down to vendor-related issues and a lack of security that clients had assumed was in place, making it difficult to establish an accurate level of exposure.

“There is sometimes a case of ‘honour among thieves’ where the cybercriminals wouldn’t target the healthcare sector, for example, because people could lose their lives if those systems were locked down,” Moore explained. “But there are other cyber groups that will specifically target that sector because those systems hold the most valuable personal data, which can then be used to commit identity theft. Healthcare therefore ends up being one of the most targeted sectors, and the rest can target any type of organisation.”

“The prevention piece is also evolving,” he continued. “When we get a proposal, we’ll typically ask questions around patching, backups, administrative privileges and the like. But we’ve had claims where clients’ vendors have not done those backups correctly, so while the insured may have told us that they always run backups, the reality of the situation is different.

“What we’ve really put a lot of work into is pre-loss assistance, and having software on hand that can help underwrite the risk and do those checks, make sure that things are indeed as their vendors have told them, and that everyone is comfortable with the level of risk and protection.”

According to CyRiM’s recent report, a single attack is capable of encrypting data on over 30 million devices globally, with companies being forced to pay vast sums to retrieve their stolen data. Moore says that claim costs would depend largely on the type of organisation attacked, and what kind of controls they had in place to protect their systems.

“If it’s a New Zealand SME business and they have a good level of protection, their loss might be within the tens of thousands, or less,” he explained. “But the bigger organisations with significant activity and offshore offices have different privacy regimes that come in, so complexities arise within that. It’ll also depend on the type of attack, and the Insurance Council may build up a database on cyber claims at some point in the future so we can get a more detailed look at the frequency and severity of cyber claims.”

Commenting on the CyRiM report and its implications, Delta’s managing director Ian Pollard said that its scenario presents a ‘major threat’ to businesses, and that getting insurance support for this type of risk is becoming increasingly more essential.

“This report further supports the fact that cyberattacks are one of the most dangerous threats facing all businesses,” Pollard said. “This research reveals widespread vulnerabilities. A host of other threats are now emerging amid the rise of technology, such as the Internet of Things and artificial intelligence. Despite the severe threat of cyberattacks worldwide, most businesses remain underprepared. To prevent such attacks, the insurance sector is designing comprehensive insurance solutions for cyber.”

“Getting the right partner in place to provide cyber insurance cover alongside pre- and post-loss risk management solutions ensures businesses can stay ahead of these threats,” he concluded.