WannaCry Means GottaAct: Lessons in Ransomware’s Wake
For many organisations, the past week brought an unwanted welcome to the new world of cyber risk. The “greeting” came from WannaCry, ransomware that disrupted the UK’s health services, halted a French carmaker’s production, interfered with a US logistics company’s network, and shut down corporate offices in Asia, all in a matter of hours. The attackers sought an almost laughably small ransom from victims — as little as US$300 per infected computer — but the ultimate disruption to the global economy will be much greater.
Endless Risks, Limited Resources
One clear lesson as we look to prevent the next cyber pandemic is that technological infrastructure may be more fragile than previously thought. That means firms must focus on the growing risk of cyber business interruption.
Greater connectivity and complexity among IT networks increases the risk that disruptions will cascade. Such effects may be felt even when your firm escapes the attack but your suppliers and providers fall victim. In fact, unplanned IT and telecom outages are the leading cause of supply chain disruptions [1], and can lead to significant loss of revenue and extra expenses.
Three Critical Steps
Beyond addressing technical issues, businesses should consider these three lessons from the WannaCry attacks:
- Build resilience through cyber response exercises. WannaCry was a novel piece of malware whose speed and impact were hard to anticipate. Firms should build flexibility, speed, and adaptability into their event-response capabilities. Test, test, and re-test your cyber response plan across your organisation, and identify specialised resources and expertise as you do so. Assess new event scenarios — like complex ransomware threats — so you can quickly adapt to fast-moving events.
- Update your risk modelling. Re-think the potential scenarios that could affect your operations, then work with business leaders to consider the potential operational and financial impacts. That can help you evaluate second- and third-order consequences — such as supply chain disruptions and associated financial costs — and determine which risks demand the most focus.
- Review and update your cyber insurance program. Networks will continue to become more connected and businesses more dependent on data-sharing. Every business that relies on technology — and most do — should take a fresh look at its cyber insurance program. You should update policies as needed to provide coverage for business interruption and cyber extortion, and re-evaluate program limits in the face of catastrophic scenarios.
Ransomware and other evolving threats will increase in frequency and sophistication. Firms need a comprehensive cyber risk management strategy — including economic risk modelling, optimised cybersecurity and cyber insurance programs, and resilient cyber response capabilities — to ensure a quick, effective response and a timely return to normal operations.
Disclaimer: The information contained in this blog provides only a general overview of subjects covered, is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. Insureds should consult their insurance and legal advisors regarding specific coverage issues. All insurance coverage is subject to the terms, conditions, and exclusions of the applicable individual policies. Marsh cannot provide any assurance that insurance can be obtained for any particular client or for any particular risk.
[1] Business Continuity Institute, Supply Chain Resilience Report 2016.