Petya/GoldenEye Cyber-Attack Drives New Focus on Cyber Resilience
Petya/GoldenEye, the latest global ransomware cyber-attack, has hit major government agencies and operations in Ukraine and Russia and netted companies in many industries worldwide. In many cases, the attack shut down operations for hours and even days, causing significant business interruption and disruption. While similar to WannaCry in some respects, the Petya/GoldenEye attack demonstrates that more virulent malware can be unleashed with little effort on specific targets and innocent bystanders, with consequences for all.
Insurance and Claims Actions
The full extent of impacted organisations and losses is not yet known, and businesses continue to work to contain the damage. Affected organisations should also take the following steps in relation to their insurance coverage and potential claims:
Review your insurance coverage. In addition to a cyber insurance policy, property, general liability, errors and omissions liability, and directors and officers liability may come into play for your direct losses and any harm your situation may have caused others. If your suppliers or vendors are affected, contingent business interruption coverage under cyber and/or property programmes could apply. Consult your broker or insurer to understand your coverage and how each policy is triggered.
Document the event timeline and quantify the impact. A record of events, from breach through full recovery, can help you estimate the “period of recovery” for the loss. Forensic accountants can help establish a protocol for identifying and properly categorising claim-related costs as well as business interruption, extra expense, or other financial impacts not easily captured. This can help you report within your organisation, recover claims from insurers and third parties, conduct post-mortems to improve cybersecurity, and respond to law enforcement requests for information.
Managing Cyber Risk
Today’s ever-evolving and unpredictable pandemic cyber-attacks necessitate continual assessments and improvements to cyber insurance and risk management programmes. Now is the time to:
Re-evaluate your cyber risk insurance needs. If you already have coverage, assess whether you are covered for business interruption and cyber extortion and re-examine programme limits in relation to potentially catastrophic scenarios. If you haven’t purchased cyber insurance yet, consider that — beyond financial protection — coverage provides access to vital resources to stop damage and recover from a cyber-attack, including technology vendors, legal counsel, and public relations expertise.
Plan for the next event. More global cyber-attacks are likely to occur in the future. Develop concrete plans now to enhance cybersecurity and enterprise resilience, including assessing cybersecurity vulnerabilities, testing cyber incident response plans, and introducing complex ransomware threat scenarios into your exercises and risk modelling.
Taking action now can help reduce your exposure to cyber-attacks that may intentionally target you or reach you through supplier, vendor, and other networks. With best-in-class cyber insurance coverage and cybersecurity management programmes in place, you can improve your resilience in the face of new cyber risk challenges.