Cyber: Facing a new Frontier of Risk

WannaCry, a worldwide ransomware attack in May 2017, impacted more than 230,000 computers. Rather than just targeting only large corporate networks, data from personal computers was also held hostage, with ransom payable in Bitcoin being demanded by the hackers to release the malicious block they had placed on the system. This kind of attack is just one of an ever-increasing number of cyber security incident reports–which have increased 300 percent from 2013 to 2016, according to the Hong Kong Computer Emergency Response Team Coordination Centre.

Good fences make good neighbors

No matter how carefully you plan and implement your own security measures, the risk doesn’t end there.

The unfortunate truth is that your suppliers might be the weak link into your network. A hacker may find it easier to sneak past your cyber defenses by first breaking into a supplier’s weaker network, then posing as that supplier to gain access to your system.

What can you do?

The biggest change that companies can make is to shift their cyber strategies from post-breach repair to pre-emptive avoidance measures–preventing attacks before they happen. A good way to start is by assessing organizational risk from a cyber standpoint, and enlisting outside counsel from legal, accounting, and cyber security firms to develop mitigation plans.

It’s also important to develop a data breach response plan, which includes assembling a team, checking network data segmentation and implementing a communications plan. A key element is to regularly test your response plan and ensure all key players stay informed of any updates or changes.

Cyber insurance

With cyber risks developing and evolving rapidly, cyber insurance coverage can improve the resilience of your organization in the event of a cyber breach or attack. Cyber insurance has evolved from providing coverage for settlements from customer litigation to addressing the financial costs related to cyber breach response. Coverage is now being expanded to include theft of company assets using electronic means.

New types of coverage have been created to address 21st century exposures, including coverage for payments related to extortion from malware viruses such as WannaCry. These policies also offer legal services for determining the scope of the threat and negotiating a resolution.

Another risk now being covered is social engineering fraud, wherein a fraudster stakes out a company, gains detailed information of key personnel, then pretends to be either a trusted vendor or the CEO/CFO (or “fake president”) to induce company employees to send money to bank accounts controlled by the fraudster. Theft of crypto currencies such as Bitcoin and Ethereum is now also being included within the scope of modern crime insurance to cater to those companies beginning to use cryptocurrencies in their transactions and operations.

The invisible risk

Cyber risk stands as a new and evolving threat you probably haven’t fully appreciated. It can attack you from multiple directions and come from sources halfway around the world. No matter your level of preparedness, it’s nearly impossible to completely defend yourself–or your company–against a motivated and ever-evolving threat.

In 2016, AIG insured 22,000 commercial clients against cyber-related risks and 22 million individuals against identity theft globally. Cyber risk is here to stay, and although nobody is 100 percent safe from a cyber attack, the smart money is being channeled into the proactive steps needed to protect businesses and bottom lines.