WannaCry Means GottaAct: Lessons in Ransomware’s Wake

Posted By: Thomas Reagan 18 May 2017

For many organisations, the past week brought an unwanted welcome to the new world of cyber risk. The “greeting” came from WannaCry, ransomware that disrupted the UK’s health services, halted a French carmaker’s production, interfered with a US logistics company’s network, and shut down corporate offices in Asia, all in a matter of hours. The attackers sought an almost laughably small ransom from victims — as little as US$300 per infected computer — but the ultimate disruption to the global economy will be much greater.

Endless Risks, Limited Resources

One clear lesson as we look to prevent the next cyber pandemic is that technological infrastructure may be more fragile than previously thought. That means firms must focus on the growing risk of cyber business interruption.

Greater connectivity and complexity among IT networks increase the risk that disruptions will cascade. Such effects may be felt even when your firm escapes the attack but your suppliers and providers fall victim. In fact, unplanned IT and telecom outages are the leading cause of supply chain disruptions [1], and can lead to significant loss of revenue and extra expenses.

Three Critical Steps

Beyond addressing technical issues, businesses should consider these three lessons from the WannaCry attacks:

  1. Build resilience through cyber response exercises. WannaCry was a novel piece of malware whose speed and impact were hard to anticipate. Firms should build flexibility, speed, and adaptability into their event-response capabilities. Test, test, and re-test your cyber response plan across your organisation, and identify specialised resources and expertise as you do so. Assess new event scenarios — like complex ransomware threats — so you can quickly adapt to fast-moving events.
  2. Update your risk modelling. Re-think the potential scenarios that could affect your operations, then work with business leaders to consider the potential operational and financial impacts. That can help you evaluate second- and third-order consequences — such as supply chain disruptions and associated financial costs — and determine which risks demand the most focus.
  3. Review and update your cyber insurance program. Networks will continue to become more connected and businesses more dependent on data-sharing. Every business that relies on technology — and most do — should take a fresh look at their cyber insurance program. You should update policies as needed to provide coverage for business interruption and cyber extortion, and re-evaluate program limits in the face of catastrophic scenarios.

Ransomware and other evolving threats will increase in frequency and sophistication. Firms need a comprehensive cyber risk management strategy, including economic risk modelling, optimised cybersecurity and cyber insurance programs, and resilient cyber response capabilities, to ensure a quick, effective response and a timely return to normal operations.

Disclaimer: The information contained in this blog provides only a general overview of subjects covered, is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. Insureds should consult their insurance and legal advisors regarding specific coverage issues. All insurance coverage is subject to the terms, conditions, and exclusions of the applicable individual policies. Marsh cannot provide any assurance that insurance can be obtained for any particular client or for any particular risk.

[1] Business Continuity Institute’s Supply Chain Resilience Report 2016


Thomas Reagan

Tom oversees client advisory and placement services for cyber risk throughout the U.S. He also serves as the senior cyber advisor for some of Marsh’s largest clients.
