« WannaCry », a ransomware cyber-attack of unprecedented scale

Black Friday, that is how May 12, 2017 came to be characterized. Called “WannaCry”, the virus behind the massive cyber-attack, spread havoc throughout the world. This “ransomware” has encrypted victims’ data in order to demand ransom later on comprised between 300 and 600 USD in return for restoring hacked data.
wannacry cyber-attack

According to Interpol, this unprecedented event has targeted more than 300 000 victims in 150 countries spread out worldwide, especially in India, United States and Russia.

On the aftermath of the attack, 30 000 corporate institutions found themselves completely idle such as the British National Health Care System (NHS), the Russian interior ministry, American package delivery company FedEx, Spanish telecommunication operator Telefonica, German public railway company Deutsche Bahn, Renault and Nissan car makers,…

Consequence: Production lines at a standstill for several days, tens of thousands of employees temporarily laid off, information and communication system out of order, disrupted supply chains, transport system halted and health service crippled,...

Moreover, and for several days, experts in cyber security and cyber criminality have been kept on edge, coming to grips with malware evolution as it spread at high speed from one computer to another.

According to initial estimates, hackers have only managed to ream modest sums of about 100 000 USD, but damage remains quite substantial. “WannaCry” is likely to cost several hundred million US dollars while some experts are estimating damage to amount to 4 billion USD.

Cyber-crimes on the rise

The all-digital era showcases its share of new hazards. Ransomware, website piracy, data theft and other assaults are henceforth part of the daily threat that corporate business is up against. According to a survey published in late 2016 by Lloyd’s, 92% of European companies have sustained cyber intrusion during the recent five years.

Kaspersky Lab, a company specialized in the security of information systems, revealed that in 2016 every 40 seconds one company fell prey to ransomware whereas a year before, the very same companies sustained aggression every two minutes.

The scenario most dreaded by specialists and insurers is that of a massive attack of international scale. Such an event may quickly spiral down into chaos of planetary magnitude. This kind of risk is all the more worrying as it jeopardizes not only the performance of companies but also their very existence.

By and large, cyber-attacks are potentially very costly as they account for more than 400 billion USD in annual costs at the global level. The average cost of a single digital assault would exceed 738 000 USD with huge variations according to the kind of business exercised by the company targeted and to the kind of prejudice sustained.

Countries affected by «WannaCry» cyber attack

wannacry cyberattaque© Roke CC BY-SA 3.0

Cyber insurance, a booming market

With cybercrime picking up momentum, insurers are up against the following:

  • an unprecedented event with hardly any statistical data to estimate losses, calculate occurrence likelihood of an event and adequately rate the risk,
  • a large-scale threat that may spiral out of control. An attack of global magnitude may simultaneously target thousands and even millions of users located in tens of countries, hence the difficulty in having clear vision of the market. Insurers are accustomed to covering individual risks distributed in time and space but not planetary disasters.
wannacry cyber-attack

Cyber risks, however, constitute a new niche of growth that is likely able to offset the expected decline in some classes of business such as the motor or bodily injury covers.

Less than 10% of companies are currently insured against these new risks at the global level. Demand for cyber insurance is, therefore, poised to increase rapidly, especially following the recent attack that unveiled the vulnerability of numerous companies and institutions.

In 2016, the global market for cyber risks accounted for 3.5 billion USD in premiums, 80% of which were underwritten in the United States. Europe, where cyber insurance is just starting, accounts for 300 million USD in premiums. According to Munich Re, this market is poised to reach 10 billion USD by 2020.

Cyber-risk covers are essentially designed by Anglo-Saxon insurance companies. For instance, for a typical digital aggression, Lloyd’s, one of the market’s leaders, proposes a guarantee worth 1 to 2 million USD for an annual premium of approximately 10 000 USD.

Several other insurers are also being attracted to this profitable market. Indeed, in early 2017, AXA launched a specific insurance plan while Generali is proposing covers for the benefit of Small and Medium Enterprises (SMEs) for an annual premium of 1000 USD.

Tightening legislation

In Europe, the regulations governing the protection of personal or sensitive data are bound to become even more stringent. The new European directive on the security of networks and information will come into effect in May 2018. It shall require the companies targeted by a cyber-attack to report any similar incident to the competent authorities and to their customers.

Since 2004, the United States has had a set of laws protecting financial or health personal data. Other provisions such as the ones about digital marketing govern the activities that make use of these data.

0
Your rating: None
Advertising Program          Terms of Service          Copyright          Useful links          Social networks          Credits