When the Solar Winds attack first hit the headlines, cyber experts referred to the hacking incident as a “national security nightmare”.
Paul Bantick, the global head of cyber and tech, at Beazley noted that many of the losses seen in the cyber space, from ransomware events to extortion events are driven by a financial imperative. The Solar Winds attack was something very different, he said, as it appears to have been about espionage and information gathering. The key takeaway from this event is therefore that that cyber defences need to be constantly evolving to keep up with the evolution of threats. For the insurance industry, this means helping to raise the bar going forward.
Read more: Beazley beefs up cyber coverage for UK firms
“The difference between espionage and some of the more traditional cyber threats that we’re used to looking at is that when you are doing espionage, you don’t want people to know you’re doing it,” he said. “When you’re doing something to cause disruption, the goal is that disruption… So, this definitely was an awakening that there are threats out there that can be exploited to potentially impact a lot of organisations. The good news is that, so far, it looks like the actual number of organisations impacted was nowhere near what it could have been.”
Going forward, Bantick said, the incident will inevitably raise the profile of the impact cyber risks can have on national security, as well as financial resilience, because the target seemed to be more government-type entities. National cyber security is always at the top of the agenda, but now everyone is more focused on it.
“What I think people should focus on now is on what this means for the next six months,” he said. “This event happened, it was quite sophisticated, and it was done in such a way that we now understand much better, so what does that mean? If I’m a corporate, a mid-market company or a business that’s transacting in any country around the world, what does this mean for me in the next six months? What do I need to do to raise the bar?”
From Bantick’s perspective, what is raising the profile of cyber security threats the most is the increasing frequency and severity of ransomware. This kind of attack is something that some of the biggest institutions in the world have fallen foul of, he said, but is also hitting companies on your high street and small, local businesses. He noted that the publicity surrounding ransomware is such that his own children are familiar with the concept when he would not have been aware of similar threats at their age.
The rise in ransomware frequency and severity, alongside its reputational harm and the costs associated with the business interruption that can arise from these events, is, in turn, driving the need for cyber insurance, he said.
The view we take at Beazley is that we are talking about ransomware now, and, 18 months ago, I wouldn’t have been talking about ransomware,” he said. “And my job now is to try and figure out for Beazley and, most importantly, our clients, what it is we are going to be talking about in 18 months, and try and help clients be better prepared and then mitigate a lot of these things ahead of time.”
Whatever the next cyber threat is that evolves, insurance companies need to be primed and ready to provide risk management services and support that will enable their clients to create higher standards and be better protected going forward.
“[So, our focus is] how can we help clients not just only obtain insurance for if something should happen, but how do we actually give them access to the best services so they can continually be raising that risk management bar?” he said. “That, for me, is the way forward for the cyber insurance industry.”
